Merge pull request #2360 from brauner/2018-05-29/conf_cleanup

conf: small cleanups

Merge pull request #2360 from brauner/2018-05-29/conf_cleanup
81d70615 · Stéphane Graber · GitHub · 5c478fb5 · 32fd6cf3 · 81d70615
Unverified Commit 81d70615 authored May 29, 2018 by Stéphane Graber Committed by GitHub May 29, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 31 deletions

conf.c src/lxc/conf.c +8 -7

conf.h src/lxc/conf.h +8 -7

lxccontainer.c src/lxc/lxccontainer.c +4 -4

start.c src/lxc/start.c +14 -13

state.h src/lxc/state.h +6 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1499,7 +1499,7 @@ static int setup_pivot_root(const struct lxc_rootfs *rootfs)
 	return 0;
 }

-static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
+static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
 					     enum idtype idtype)
 {
 	struct lxc_list *it;
@@ -2676,7 +2676,7 @@ struct lxc_conf *lxc_conf_init(void)
 	lxc_list_init(&new->state_clients);
 	new->lsm_aa_profile = NULL;
 	new->lsm_se_context = NULL;
-	new->tmp_umount_proc = 0;
+	new->tmp_umount_proc = false;

 	/* if running in a new user namespace, init and COMMAND
 	 * default to running as UID/GID 0 when using lxc-execute */
@@ -3158,7 +3158,7 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)
 		if (conf->rootfs.path)
 			return -1;
 	} else if (mounted == 1) {
-		conf->tmp_umount_proc = 1;
+		conf->tmp_umount_proc = true;
 	}

 	return 0;
@@ -3166,11 +3166,11 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)

 void tmp_proc_unmount(struct lxc_conf *lxc_conf)
 {
-	if (lxc_conf->tmp_umount_proc != 1)
+	if (!lxc_conf->tmp_umount_proc)
 		return;

-	umount("/proc");
-	lxc_conf->tmp_umount_proc = 0;
+	(void)umount2("/proc", MNT_DETACH);
+	lxc_conf->tmp_umount_proc = false;
 }

 /* Walk /proc/mounts and change any shared entries to slave. */
@@ -3965,7 +3965,8 @@ static int run_userns_fn(void *data)
 static struct id_map *mapped_nsid_add(struct lxc_conf *conf, unsigned id,
 				      enum idtype idtype)
 {
-	struct id_map *map, *retmap;
+	const struct id_map *map;
+	struct id_map *retmap;

 	map = find_mapped_nsid_entry(conf, id, idtype);
 	if (!map)

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -233,13 +233,13 @@ struct lxc_conf {
 		 * Pointer to the idmap entry for the container's root uid in
 		 * the id_map list. Do not free!
 		 */
-		struct id_map *root_nsuid_map;
+		const struct id_map *root_nsuid_map;

 		/*
 		 * Pointer to the idmap entry for the container's root gid in
 		 * the id_map list. Do not free!
 		 */
-		struct id_map *root_nsgid_map;
+		const struct id_map *root_nsgid_map;
 	};

 	struct lxc_list network;
@@ -260,7 +260,10 @@ struct lxc_conf {
 	/* maximum pty devices allowed by devpts mount */
 	size_t pty_max;

+	/* set to true when rootfs has been setup */
+	bool rootfs_setup;
 	struct lxc_rootfs rootfs;
+
 	bool close_all_fds;

 	struct {
@@ -271,7 +274,7 @@ struct lxc_conf {
 	char *lsm_aa_profile;
 	unsigned int lsm_aa_allow_incomplete;
 	char *lsm_se_context;
-	int tmp_umount_proc;
+	bool tmp_umount_proc;
 	char *seccomp;  /* filename with the seccomp rules */
 #if HAVE_SCMP_FILTER_CTX
 	scmp_filter_ctx seccomp_ctx;
@@ -301,9 +304,6 @@ struct lxc_conf {
 	/* unshare the mount namespace in the monitor */
 	unsigned int monitor_unshare;

-	/* set to true when rootfs has been setup */
-	bool rootfs_setup;
-
 	/* list of included files */
 	struct lxc_list includes;
 	/* config entries which are not "lxc.*" are aliens */
@@ -315,7 +315,8 @@ struct lxc_conf {

 	/* text representation of the config file */
 	char *unexpanded_config;
-	size_t unexpanded_len, unexpanded_alloced;
+	size_t unexpanded_len;
+	size_t unexpanded_alloced;

 	/* default command for lxc-execute */
 	char *execute_cmd;

--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1036,7 +1036,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 		}
 	}

-	conf->reboot = 0;
+	conf->reboot = REBOOT_NONE;

 	/* Unshare the mount namespace if requested */
 	if (conf->monitor_unshare) {
@@ -1058,7 +1058,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	}

 reboot:
-	if (conf->reboot == 2) {
+	if (conf->reboot == REBOOT_INIT) {
 		/* initialize handler */
 		handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize);
 		if (!handler) {
@@ -1085,9 +1085,9 @@ reboot:
 		ret = lxc_start(c->name, argv, handler, c->config_path,
 				c->daemonize, &c->error_num);

-	if (conf->reboot == 1) {
+	if (conf->reboot == REBOOT_REQ) {
 		INFO("Container requested reboot");
-		conf->reboot = 2;
+		conf->reboot = REBOOT_INIT;
 		goto reboot;
 	}


--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -646,7 +646,7 @@ void lxc_free_handler(struct lxc_handler *handler)

 	lxc_put_nsfds(handler);

-	if (handler->conf && handler->conf->reboot == 0)
+	if (handler->conf && handler->conf->reboot == REBOOT_NONE)
 		if (handler->conf->maincmd_fd >= 0)
 			close(handler->conf->maincmd_fd);

@@ -684,7 +684,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 	handler->sigfd = -EBADF;
 	handler->init_died = false;
 	handler->state_socket_pair[0] = handler->state_socket_pair[1] = -1;
-	if (handler->conf->reboot == 0)
+	if (handler->conf->reboot == REBOOT_NONE)
 		lxc_list_init(&handler->conf->state_clients);

 	for (i = 0; i < LXC_NS_MAX; i++)
@@ -692,7 +692,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,

 	handler->name = name;

-	if (daemonize && !handler->conf->reboot) {
+	if (daemonize && handler->conf->reboot == REBOOT_NONE) {
 		/* Create socketpair() to synchronize on daemonized startup.
 		 * When the container reboots we don't need to synchronize
 		 * again currently so don't open another socketpair().
@@ -708,7 +708,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 		      handler->state_socket_pair[1]);
 	}

-	if (handler->conf->reboot == 0) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		handler->conf->maincmd_fd = lxc_cmd_init(name, lxcpath, "command");
 		if (handler->conf->maincmd_fd < 0) {
 			ERROR("Failed to set up command socket");
@@ -918,14 +918,14 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	}
 	namespaces[namespace_count] = NULL;

-	if (handler->conf->reboot) {
+	if (handler->conf->reboot > REBOOT_NONE) {
 		ret = setenv("LXC_TARGET", "reboot", 1);
 		if (ret < 0)
 			SYSERROR("Failed to set environment variable: "
 				 "LXC_TARGET=reboot");
 	}

-	if (!handler->conf->reboot) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		ret = setenv("LXC_TARGET", "stop", 1);
 		if (ret < 0)
 			SYSERROR("Failed to set environment variable: "
@@ -945,7 +945,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	cgroup_ops->destroy(cgroup_ops, handler);
 	cgroup_exit(cgroup_ops);

-	if (handler->conf->reboot == 0) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		/* For all new state clients simply close the command socket.
 		 * This will inform all state clients that the container is
 		 * STOPPED and also prevents a race between a open()/close() on
@@ -973,9 +973,9 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	ret = run_lxc_hooks(name, "post-stop", handler->conf, NULL);
 	if (ret < 0) {
 		ERROR("Failed to run lxc.hook.post-stop for container \"%s\"", name);
-		if (handler->conf->reboot) {
+		if (handler->conf->reboot > REBOOT_NONE) {
 			WARN("Container will be stopped instead of rebooted");
-			handler->conf->reboot = 0;
+			handler->conf->reboot = REBOOT_NONE;

 			ret = setenv("LXC_TARGET", "stop", 1);
 			if (ret < 0)
@@ -999,7 +999,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 		struct lxc_state_client *client = cur->elem;

 		/* Keep state clients that want to be notified about reboots. */
-		if ((handler->conf->reboot > 0) && (client->states[RUNNING] == 2))
+		if ((handler->conf->reboot > REBOOT_NONE) &&
+		    (client->states[RUNNING] == 2))
 			continue;

 		/* close state client socket */
@@ -1009,7 +1010,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 		free(cur);
 	}

-	if (handler->conf->ephemeral == 1 && handler->conf->reboot != 1)
+	if (handler->conf->ephemeral == 1 && handler->conf->reboot != REBOOT_REQ)
 		lxc_destroy_container_on_signal(handler, name);

 	lxc_free_handler(handler);
@@ -1892,7 +1893,7 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
 	close(handler->data_sock[1]);
 	handler->data_sock[1] = -1;

-	handler->conf->reboot = 0;
+	handler->conf->reboot = REBOOT_NONE;

 	ret = lxc_poll(name, handler);
 	if (ret) {
@@ -1915,7 +1916,7 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
 			break;
 		case SIGHUP: /* reboot */
 			DEBUG("Container \"%s\" is rebooting", name);
-			handler->conf->reboot = 1;
+			handler->conf->reboot = REBOOT_REQ;
 			break;
 		case SIGSYS: /* seccomp */
 			DEBUG("Container \"%s\" violated its seccomp policy", name);

--- a/src/lxc/state.h
+++ b/src/lxc/state.h
@@ -35,6 +35,12 @@ typedef enum {
 	MAX_STATE,
 } lxc_state_t;

+enum {
+	REBOOT_NONE,
+	REBOOT_REQ,
+	REBOOT_INIT
+};
+
 extern lxc_state_t lxc_getstate(const char *name, const char *lxcpath);

 extern lxc_state_t lxc_str2state(const char *state);