Skip to content

L
lxc
Commit 8d3786cb by Stéphane Graber Committed by GitHub
Options

Merge pull request #1317 from brauner/2016-11-24/cleanup_attach

cleanup attach
parents b5e39501 8ce83369
Showing with 252 additions and 256 deletions
src/lxc/attach.c
......@@ -85,12 +85,13 @@
lxc_log_define(lxc_attach, lxc);
/* /proc/pid-to-str/current\0 = (5 + 21 + 7 + 1) */
#define __LSMATTRLEN (5 + 21 + 7 + 1)
static int lsm_openat(int procfd, pid_t pid, int on_exec)
{
int ret = -1;
int labelfd = -1;
const char* name;
#define __LSMATTRLEN /* /proc */ (5 + /* /pid-to-str */ 21 + /* /current */ 7 + /* \0 */ 1)
const char *name;
char path[__LSMATTRLEN];
name = lsm_name();
......@@ -105,20 +106,16 @@ static int lsm_openat(int procfd, pid_t pid, int on_exec)
if (strcmp(name, "AppArmor") == 0)
on_exec = 0;
if (on_exec) {
if (on_exec)
ret = snprintf(path, __LSMATTRLEN, "%d/attr/exec", pid);
if (ret < 0 || ret >= __LSMATTRLEN)
return -1;
labelfd = openat(procfd, path, O_RDWR);
} else {
else
ret = snprintf(path, __LSMATTRLEN, "%d/attr/current", pid);
if (ret < 0 || ret >= __LSMATTRLEN)
return -1;
labelfd = openat(procfd, path, O_RDWR);
}
if (ret < 0 || ret >= __LSMATTRLEN)
return -1;
labelfd = openat(procfd, path, O_RDWR);
if (labelfd < 0) {
SYSERROR("Unable to open LSM label");
SYSERROR("Unable to open file descriptor to set LSM label.");
return -1;
}
......@@ -148,13 +145,13 @@ static int lsm_set_label_at(int lsm_labelfd, int on_exec, char *lsm_label)
command = malloc(strlen(lsm_label) + strlen("changeprofile ") + 1);
if (!command) {
SYSERROR("Failed to write apparmor profile");
SYSERROR("Failed to write apparmor profile.");
goto out;
}
size = sprintf(command, "changeprofile %s", lsm_label);
if (size < 0) {
SYSERROR("Failed to write apparmor profile");
SYSERROR("Failed to write apparmor profile.");
goto out;
}
......@@ -165,12 +162,12 @@ static int lsm_set_label_at(int lsm_labelfd, int on_exec, char *lsm_label)
INFO("Set LSM label to: %s.", command);
} else if (strcmp(name, "SELinux") == 0) {
if (write(lsm_labelfd, lsm_label, strlen(lsm_label) + 1) < 0) {
SYSERROR("Unable to set LSM label");
SYSERROR("Unable to set LSM label: %s.", lsm_label);
goto out;
}
INFO("Set LSM label to: %s.", lsm_label);
} else {
ERROR("Unable to restore label for unknown LSM: %s", name);
ERROR("Unable to restore label for unknown LSM: %s.", name);
goto out;
}
fret = 0;
......@@ -184,34 +181,40 @@ out:
return fret;
}
/* /proc/pid-to-str/status\0 = (5 + 21 + 7 + 1) */
#define __PROC_STATUS_LEN (5 + 21 + 7 + 1)
static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
{
struct lxc_proc_context_info *info = calloc(1, sizeof(*info));
FILE *proc_file;
char proc_fn[MAXPATHLEN];
char proc_fn[__PROC_STATUS_LEN];
bool found;
int ret;
char *line = NULL;
size_t line_bufsz = 0;
int ret, found;
struct lxc_proc_context_info *info = NULL;
if (!info) {
SYSERROR("Could not allocate memory.");
return NULL;
}
/* read capabilities */
snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", pid);
/* Read capabilities. */
ret = snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", pid);
if (ret < 0 || ret >= __PROC_STATUS_LEN)
goto on_error;
proc_file = fopen(proc_fn, "r");
if (!proc_file) {
SYSERROR("Could not open %s", proc_fn);
goto out_error;
SYSERROR("Could not open %s.", proc_fn);
goto on_error;
}
info = calloc(1, sizeof(*info));
if (!info) {
SYSERROR("Could not allocate memory.");
return NULL;
}
found = 0;
found = false;
while (getline(&line, &line_bufsz, proc_file) != -1) {
ret = sscanf(line, "CapBnd: %llx", &info->capability_mask);
if (ret != EOF && ret > 0) {
found = 1;
if (ret != EOF && ret == 1) {
found = true;
break;
}
}
......@@ -220,16 +223,16 @@ static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
fclose(proc_file);
if (!found) {
SYSERROR("Could not read capability bounding set from %s", proc_fn);
SYSERROR("Could not read capability bounding set from %s.", proc_fn);
errno = ENOENT;
goto out_error;
goto on_error;
}
info->lsm_label = lsm_process_label_get(pid);
return info;
out_error:
on_error:
free(info);
return NULL;
}
......@@ -249,14 +252,12 @@ static int lxc_attach_to_ns(pid_t pid, int which)
if (access("/proc/self/ns", X_OK)) {
ERROR("Does this kernel version support 'attach' ?");
ERROR("Does this kernel version support namespaces?");
return -1;
}
for (i = 0; i < LXC_NS_MAX; i++) {
/* ignore if we are not supposed to attach to that
* namespace
*/
/* Ignore if we are not supposed to attach to that namespace. */
if (which != -1 && !(which & ns_info[i].clone_flag)) {
fd[i] = -1;
continue;
......@@ -266,14 +267,14 @@ static int lxc_attach_to_ns(pid_t pid, int which)
if (fd[i] < 0) {
saved_errno = errno;
/* close all already opened file descriptors before
* we return an error, so we don't leak them
/* Close all already opened file descriptors before we
* return an error, so we don't leak them.
*/
for (j = 0; j < i; j++)
close(fd[j]);
errno = saved_errno;
SYSERROR("failed to open namespace: '%s'.", ns_info[i].proc_name);
SYSERROR("Failed to open namespace: \"%s\".", ns_info[i].proc_name);
return -1;
}
}
......@@ -307,43 +308,42 @@ static int lxc_attach_remount_sys_proc(void)
ret = unshare(CLONE_NEWNS);
if (ret < 0) {
SYSERROR("failed to unshare mount namespace");
SYSERROR("Failed to unshare mount namespace.");
return -1;
}
if (detect_shared_rootfs()) {
if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {
SYSERROR("Failed to make / rslave");
SYSERROR("Failed to make / rslave.");
ERROR("Continuing...");
}
}
/* assume /proc is always mounted, so remount it */
/* Assume /proc is always mounted, so remount it. */
ret = umount2("/proc", MNT_DETACH);
if (ret < 0) {
SYSERROR("failed to unmount /proc");
SYSERROR("Failed to unmount /proc.");
return -1;
}
ret = mount("none", "/proc", "proc", 0, NULL);
if (ret < 0) {
SYSERROR("failed to remount /proc");
SYSERROR("Failed to remount /proc.");
return -1;
}
/* try to umount /sys - if it's not a mount point,
* we'll get EINVAL, then we ignore it because it
* may not have been mounted in the first place
/* Try to umount /sys. If it's not a mount point, we'll get EINVAL, then
* we ignore it because it may not have been mounted in the first place.
*/
ret = umount2("/sys", MNT_DETACH);
if (ret < 0 && errno != EINVAL) {
SYSERROR("failed to unmount /sys");
SYSERROR("Failed to unmount /sys.");
return -1;
} else if (ret == 0) {
/* remount it */
/* Remount it. */
ret = mount("none", "/sys", "sysfs", 0, NULL);
if (ret < 0) {
SYSERROR("failed to remount /sys");
SYSERROR("Failed to remount /sys.");
return -1;
}
}
......@@ -361,7 +361,7 @@ static int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
continue;
if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
SYSERROR("failed to remove capability id %d", cap);
SYSERROR("Failed to remove capability id %d.", cap);
return -1;
}
}
......@@ -382,8 +382,8 @@ static int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char*
extra_keep_store = calloc(count, sizeof(char *));
if (!extra_keep_store) {
SYSERROR("failed to allocate memory for storing current "
"environment variable values that will be kept");
SYSERROR("Failed to allocate memory for storing current "
"environment variable values that will be kept.");
return -1;
}
for (i = 0; i < count; i++) {
......@@ -391,8 +391,8 @@ static int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char*
if (v) {
extra_keep_store[i] = strdup(v);
if (!extra_keep_store[i]) {
SYSERROR("failed to allocate memory for storing current "
"environment variable values that will be kept");
SYSERROR("Failed to allocate memory for storing current "
"environment variable values that will be kept.");
while (i > 0)
free(extra_keep_store[--i]);
free(extra_keep_store);
......@@ -401,14 +401,15 @@ static int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char*
if (strcmp(extra_keep[i], "PATH") == 0)
path_kept = 1;
}
/* calloc sets entire array to zero, so we don't
* need an else */
/* Calloc sets entire array to zero, so we don't
* need an else.
*/
}
}
if (clearenv()) {
char **p;
SYSERROR("failed to clear environment");
SYSERROR("Failed to clear environment.");
if (extra_keep_store) {
for (p = extra_keep_store; *p; p++)
free(*p);
......@@ -422,39 +423,40 @@ static int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char*
for (i = 0; extra_keep[i]; i++) {
if (extra_keep_store[i]) {
if (setenv(extra_keep[i], extra_keep_store[i], 1) < 0)
SYSERROR("Unable to set environment variable");
SYSERROR("Unable to set environment variable.");
}
free(extra_keep_store[i]);
}
free(extra_keep_store);
}
/* always set a default path; shells and execlp tend
* to be fine without it, but there is a disturbing
* number of C programs out there that just assume
* that getenv("PATH") is never NULL and then die a
* painful segfault death. */
/* Always set a default path; shells and execlp tend to be fine
* without it, but there is a disturbing number of C programs
* out there that just assume that getenv("PATH") is never NULL
* and then die a painful segfault death.
*/
if (!path_kept)
setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1);
}
if (putenv("container=lxc")) {
SYSERROR("failed to set environment variable");
SYSERROR("Failed to set environment variable.");
return -1;
}
/* set extra environment variables */
/* Set extra environment variables. */
if (extra_env) {
for (; *extra_env; extra_env++) {
/* duplicate the string, just to be on
* the safe side, because putenv does not
* do it for us */
/* Duplicate the string, just to be on the safe side,
* because putenv does not do it for us.
*/
char *p = strdup(*extra_env);
/* we just assume the user knows what they
* are doing, so we don't do any checks */
/* We just assume the user knows what they are doing, so
* we don't do any checks.
*/
if (!p) {
SYSERROR("failed to allocate memory for additional environment "
"variables");
SYSERROR("Failed to allocate memory for additional environment "
"variables.");
return -1;
}
putenv(p);
......@@ -466,16 +468,14 @@ static int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char*
static char *lxc_attach_getpwshell(uid_t uid)
{
/* local variables */
pid_t pid;
int pipes[2];
int ret;
int fd;
char *result = NULL;
/* we need to fork off a process that runs the
* getent program, and we need to capture its
* output, so we use a pipe for that purpose
/* We need to fork off a process that runs the getent program, and we
* need to capture its output, so we use a pipe for that purpose.
*/
ret = pipe(pipes);
if (ret < 0)
......@@ -489,7 +489,6 @@ static char *lxc_attach_getpwshell(uid_t uid)
}
if (pid) {
/* parent process */
FILE *pipe_f;
char *line = NULL;
size_t line_bufsz = 0;
......@@ -506,19 +505,18 @@ static char *lxc_attach_getpwshell(uid_t uid)
char *endptr = NULL;
int i;
/* if we already found something, just continue
* to read until the pipe doesn't deliver any more
* data, but don't modify the existing data
* structure
/* If we already found something, just continue to read
* until the pipe doesn't deliver any more data, but
* don't modify the existing data structure.
*/
if (found)
continue;
/* trim line on the right hand side */
/* Trim line on the right hand side. */
for (i = strlen(line); i > 0 && (line[i - 1] == '\n' || line[i - 1] == '\r'); --i)
line[i - 1] = '\0';
/* split into tokens: first user name */
/* Split into tokens: first: user name. */
token = strtok_r(line, ":", &saveptr);
if (!token)
continue;
......@@ -545,7 +543,7 @@ static char *lxc_attach_getpwshell(uid_t uid)
free(result);
result = strdup(token);
/* sanity check that there are no fields after that */
/* Sanity check that there are no fields after that. */
token = strtok_r(NULL, ":", &saveptr);
if (token)
continue;
......@@ -562,9 +560,9 @@ static char *lxc_attach_getpwshell(uid_t uid)
return NULL;
}
/* some sanity checks: if anything even hinted at going
* wrong: we can't be sure we have a valid result, so
* we assume we don't
/* Some sanity checks. If anything even hinted at going wrong,
* we can't be sure we have a valid result, so we assume we
* don't.
*/
if (!WIFEXITED(status))
......@@ -578,7 +576,6 @@ static char *lxc_attach_getpwshell(uid_t uid)
return result;
} else {
/* child process */
char uid_buf[32];
char *arguments[] = {
"getent",
......@@ -589,12 +586,12 @@ static char *lxc_attach_getpwshell(uid_t uid)
close(pipes[0]);
/* we want to capture stdout */
/* We want to capture stdout. */
dup2(pipes[1], 1);
close(pipes[1]);
/* get rid of stdin/stderr, so we try to associate it
* with /dev/null
/* Get rid of stdin/stderr, so we try to associate it with
* /dev/null.
*/
fd = open("/dev/null", O_RDWR);
if (fd < 0) {
......@@ -606,12 +603,12 @@ static char *lxc_attach_getpwshell(uid_t uid)
close(fd);
}
/* finish argument list */
/* Finish argument list. */
ret = snprintf(uid_buf, sizeof(uid_buf), "%ld", (long) uid);
if (ret <= 0)
exit(-1);
/* try to run getent program */
/* Try to run getent program. */
(void) execvp("getent", arguments);
exit(-1);
}
......@@ -620,31 +617,31 @@ static char *lxc_attach_getpwshell(uid_t uid)
static void lxc_attach_get_init_uidgid(uid_t* init_uid, gid_t* init_gid)
{
FILE *proc_file;
char proc_fn[MAXPATHLEN];
char proc_fn[__PROC_STATUS_LEN];
int ret;
char *line = NULL;
size_t line_bufsz = 0;
int ret;
long value = -1;
uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1;
/* read capabilities */
snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", 1);
/* Read capabilities. */
snprintf(proc_fn, __PROC_STATUS_LEN, "/proc/%d/status", 1);
proc_file = fopen(proc_fn, "r");
if (!proc_file)
return;
while (getline(&line, &line_bufsz, proc_file) != -1) {
/* format is: real, effective, saved set user, fs
* we only care about real uid
/* Format is: real, effective, saved set user, fs we only care
* about real uid.
*/
ret = sscanf(line, "Uid: %ld", &value);
if (ret != EOF && ret > 0) {
if (ret != EOF && ret == 1) {
uid = (uid_t) value;
} else {
ret = sscanf(line, "Gid: %ld", &value);
if (ret != EOF && ret > 0)
if (ret != EOF && ret == 1)
gid = (gid_t) value;
}
if (uid != (uid_t)-1 && gid != (gid_t)-1)
......@@ -654,14 +651,15 @@ static void lxc_attach_get_init_uidgid(uid_t* init_uid, gid_t* init_gid)
fclose(proc_file);
free(line);
/* only override arguments if we found something */
/* Only override arguments if we found something. */
if (uid != (uid_t)-1)
*init_uid = uid;
if (gid != (gid_t)-1)
*init_gid = gid;
/* TODO: we should also parse supplementary groups and use
* setgroups() to set them */
* setgroups() to set them.
*/
}
struct attach_clone_payload {
......@@ -674,10 +672,10 @@ struct attach_clone_payload {
static int attach_child_main(void* data);
/* help the optimizer along if it doesn't know that exit always exits */
/* Help the optimizer along if it doesn't know that exit always exits. */
#define rexit(c) do { int __c = (c); _exit(__c); return __c; } while(0)
/* define default options if no options are supplied by the user */
/* Define default options if no options are supplied by the user. */
static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
static bool fetch_seccomp(struct lxc_container *c,
......@@ -696,23 +694,23 @@ static bool fetch_seccomp(struct lxc_container *c,
return false;
}
/* Fetch the current profile path over the cmd interface */
/* Fetch the current profile path over the cmd interface. */
path = c->get_running_config_item(c, "lxc.seccomp");
if (!path) {
INFO("Failed to get running config item for lxc.seccomp.");
return true;
}
/* Copy the value into the new lxc_conf */
/* Copy the value into the new lxc_conf. */
if (!c->set_config_item(c, "lxc.seccomp", path)) {
free(path);
return false;
}
free(path);
/* Attempt to parse the resulting config */
/* Attempt to parse the resulting config. */
if (lxc_read_seccomp_config(c->lxc_conf) < 0) {
ERROR("Error reading seccomp policy");
ERROR("Error reading seccomp policy.");
return false;
}
......@@ -774,19 +772,20 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
init_pid = lxc_cmd_get_init_pid(name, lxcpath);
if (init_pid < 0) {
ERROR("failed to get the init pid");
ERROR("Failed to get init pid.");
return -1;
}
init_ctx = lxc_proc_get_context_info(init_pid);
if (!init_ctx) {
ERROR("failed to get context of the init process, pid = %ld", (long)init_pid);
ERROR("Failed to get context of init process: %ld.",
(long)init_pid);
return -1;
}
personality = get_personality(name, lxcpath);
if (init_ctx->personality < 0) {
ERROR("Failed to get personality of the container");
ERROR("Failed to get personality of the container.");
lxc_proc_put_context_info(init_ctx);
return -1;
}
......@@ -797,41 +796,42 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
return -1;
if (!fetch_seccomp(init_ctx->container, options))
WARN("Failed to get seccomp policy");
WARN("Failed to get seccomp policy.");
if (!no_new_privs(init_ctx->container, options))
WARN("Could not determine whether PR_SET_NO_NEW_PRIVS is set.");
cwd = getcwd(NULL, 0);
/* determine which namespaces the container was created with
* by asking lxc-start, if necessary
/* Determine which namespaces the container was created with
* by asking lxc-start, if necessary.
*/
if (options->namespaces == -1) {
options->namespaces = lxc_cmd_get_clone_flags(name, lxcpath);
/* call failed */
if (options->namespaces == -1) {
ERROR("failed to automatically determine the "
"namespaces which the container unshared");
ERROR("Failed to automatically determine the "
"namespaces which the container uses.");
free(cwd);
lxc_proc_put_context_info(init_ctx);
return -1;
}
}
/* create a socket pair for IPC communication; set SOCK_CLOEXEC in order
* to make sure we don't irritate other threads that want to fork+exec away
/* Create a socket pair for IPC communication; set SOCK_CLOEXEC in order
* to make sure we don't irritate other threads that want to fork+exec
* away
*
* IMPORTANT: if the initial process is multithreaded and another call
* just fork()s away without exec'ing directly after, the socket fd will
* exist in the forked process from the other thread and any close() in
* our own child process will not really cause the socket to close properly,
* potentiall causing the parent to hang.
* our own child process will not really cause the socket to close
* properly, potentiall causing the parent to hang.
*
* For this reason, while IPC is still active, we have to use shutdown()
* if the child exits prematurely in order to signal that the socket
* is closed and cannot assume that the child exiting will automatically
* do that.
* if the child exits prematurely in order to signal that the socket is
* closed and cannot assume that the child exiting will automatically do
* that.
*
* IPC mechanism: (X is receiver)
* initial process intermediate attached
......@@ -853,28 +853,26 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
*/
ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets);
if (ret < 0) {
SYSERROR("could not set up required IPC mechanism for attaching");
SYSERROR("Could not set up required IPC mechanism for attaching.");
free(cwd);
lxc_proc_put_context_info(init_ctx);
return -1;
}
/* create intermediate subprocess, three reasons:
* 1. runs all pthread_atfork handlers and the
* child will no longer be threaded
* (we can't properly setns() in a threaded process)
* 2. we can't setns() in the child itself, since
* we want to make sure we are properly attached to
* the pidns
* 3. also, the initial thread has to put the attached
* process into the cgroup, which we can only do if
* we didn't already setns() (otherwise, user
* namespaces will hate us)
/* Create intermediate subprocess, three reasons:
* 1. Runs all pthread_atfork handlers and the child will no
* longer be threaded (we can't properly setns() in a threaded
* process).
* 2. We can't setns() in the child itself, since we want to make
* sure we are properly attached to the pidns.
* 3. Also, the initial thread has to put the attached process
* into the cgroup, which we can only do if we didn't already
* setns() (otherwise, user namespaces will hate us).
*/
pid = fork();
if (pid < 0) {
SYSERROR("failed to create first subprocess");
SYSERROR("Failed to create first subprocess.");
free(cwd);
lxc_proc_put_context_info(init_ctx);
return -1;
......@@ -884,16 +882,16 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
int procfd = -1;
pid_t to_cleanup_pid = pid;
/* initial thread, we close the socket that is for the
* subprocesses
/* Initial thread, we close the socket that is for the
* subprocesses.
*/
close(ipc_sockets[1]);
free(cwd);
/* attach to cgroup, if requested */
/* Attach to cgroup, if requested. */
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) {
if (!cgroup_attach(name, lxcpath, pid))
goto cleanup_error;
goto on_error;
}
/* Open /proc before setns() to the containers namespace so we
......@@ -902,64 +900,63 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
procfd = open("/proc", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
if (procfd < 0) {
SYSERROR("Unable to open /proc.");
goto cleanup_error;
goto on_error;
}
/* Let the child process know to go ahead */
/* Let the child process know to go ahead. */
status = 0;
ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status));
if (ret <= 0) {
ERROR("error using IPC to notify attached process for initialization (0)");
goto cleanup_error;
ERROR("Intended to send sequence number 0: %s.",
strerror(errno));
goto on_error;
}
/* get pid from intermediate process */
/* Get pid of attached process from intermediate process. */
ret = lxc_read_nointr_expect(ipc_sockets[0], &attached_pid, sizeof(attached_pid), NULL);
if (ret <= 0) {
if (ret != 0)
ERROR("error using IPC to receive pid of attached process");
goto cleanup_error;
ERROR("Expected to receive pid: %s.", strerror(errno));
goto on_error;
}
/* ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313 */
/* Ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313. */
if (options->stdin_fd == 0) {
signal(SIGINT, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
}
/* reap intermediate process */
/* Reap intermediate process. */
ret = wait_for_pid(pid);
if (ret < 0)
goto cleanup_error;
goto on_error;
/* we will always have to reap the grandchild now */
/* We will always have to reap the attached process now. */
to_cleanup_pid = attached_pid;
/* tell attached process it may start initializing */
/* Tell attached process it may start initializing. */
status = 0;
ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status));
if (ret <= 0) {
ERROR("error using IPC to notify attached process for initialization (0)");
goto cleanup_error;
ERROR("Intended to send sequence number 0: %s.", strerror(errno));
goto on_error;
}
/* wait for the attached process to finish initializing */
/* Wait for the attached process to finish initializing. */
expected = 1;
ret = lxc_read_nointr_expect(ipc_sockets[0], &status, sizeof(status), &expected);
if (ret <= 0) {
if (ret != 0)
ERROR("error using IPC to receive notification "
"from attached process (1)");
goto cleanup_error;
ERROR("Expected to receive sequence number 1: %s.", strerror(errno));
goto on_error;
}
/* tell attached process we're done */
/* Tell attached process we're done. */
status = 2;
ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status));
if (ret <= 0) {
ERROR("Error using IPC to notify attached process for "
"initialization (2): %s.", strerror(errno));
goto cleanup_error;
ERROR("Intended to send sequence number 2: %s.", strerror(errno));
goto on_error;
}
/* Wait for the (grand)child to tell us that it's ready to set
......@@ -968,9 +965,9 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
expected = 3;
ret = lxc_read_nointr_expect(ipc_sockets[0], &status, sizeof(status), &expected);
if (ret <= 0) {
ERROR("Error using IPC for the child to tell us to open LSM fd (3): %s.",
ERROR("Expected to receive sequence number 3: %s.",
strerror(errno));
goto cleanup_error;
goto on_error;
}
/* Open LSM fd and send it to child. */
......@@ -980,33 +977,32 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
/* Open fd for the LSM security module. */
labelfd = lsm_openat(procfd, attached_pid, on_exec);
if (labelfd < 0)
goto cleanup_error;
goto on_error;
/* Send child fd of the LSM security module to write to. */
ret = lxc_abstract_unix_send_fd(ipc_sockets[0], labelfd, NULL, 0);
if (ret <= 0) {
ERROR("Error using IPC to send child LSM fd (4): %s.",
strerror(errno));
goto cleanup_error;
ERROR("Intended to send file descriptor %d: %s.", labelfd, strerror(errno));
goto on_error;
}
}
/* now shut down communication with child, we're done */
/* Now shut down communication with child, we're done. */
shutdown(ipc_sockets[0], SHUT_RDWR);
close(ipc_sockets[0]);
lxc_proc_put_context_info(init_ctx);
/* we're done, the child process should now execute whatever
* it is that the user requested. The parent can now track it
* with waitpid() or similar.
/* We're done, the child process should now execute whatever it
* is that the user requested. The parent can now track it with
* waitpid() or similar.
*/
*attached_process = attached_pid;
return 0;
cleanup_error:
/* first shut down the socket, then wait for the pid,
* otherwise the pid we're waiting for may never exit
on_error:
/* First shut down the socket, then wait for the pid, otherwise
* the pid we're waiting for may never exit.
*/
if (procfd >= 0)
close(procfd);
......@@ -1018,17 +1014,17 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
return -1;
}
/* first subprocess begins here, we close the socket that is for the
* initial thread
/* First subprocess begins here, we close the socket that is for the
* initial thread.
*/
close(ipc_sockets[0]);
/* Wait for the parent to have setup cgroups */
/* Wait for the parent to have setup cgroups. */
expected = 0;
status = -1;
ret = lxc_read_nointr_expect(ipc_sockets[1], &status, sizeof(status), &expected);
if (ret <= 0) {
ERROR("error communicating with child process");
ERROR("Expected to receive sequence number 0: %s.", strerror(errno));
shutdown(ipc_sockets[1], SHUT_RDWR);
rexit(-1);
}
......@@ -1036,27 +1032,27 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
if ((options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) && cgns_supported())
options->namespaces |= CLONE_NEWCGROUP;
/* attach now, create another subprocess later, since pid namespaces
* only really affect the children of the current process
/* Attach now, create another subprocess later, since pid namespaces
* only really affect the children of the current process.
*/
ret = lxc_attach_to_ns(init_pid, options->namespaces);
if (ret < 0) {
ERROR("failed to enter the namespace");
ERROR("Failed to enter namespaces.");
shutdown(ipc_sockets[1], SHUT_RDWR);
rexit(-1);
}
/* attach succeeded, try to cwd */
/* Attach succeeded, try to cwd. */
if (options->initial_cwd)
new_cwd = options->initial_cwd;
else
new_cwd = cwd;
ret = chdir(new_cwd);
if (ret < 0)
WARN("could not change directory to '%s'", new_cwd);
WARN("Could not change directory to \"%s\".", new_cwd);
free(cwd);
/* now create the real child process */
/* Now create the real child process. */
{
struct attach_clone_payload payload = {
.ipc_socket = ipc_sockets[1],
......@@ -1065,35 +1061,36 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
.exec_function = exec_function,
.exec_payload = exec_payload,
};
/* We use clone_parent here to make this subprocess a direct child of
* the initial process. Then this intermediate process can exit and
* the parent can directly track the attached process.
/* We use clone_parent here to make this subprocess a direct
* child of the initial process. Then this intermediate process
* can exit and the parent can directly track the attached
* process.
*/
pid = lxc_clone(attach_child_main, &payload, CLONE_PARENT);
}
/* shouldn't happen, clone() should always return positive pid */
/* Shouldn't happen, clone() should always return positive pid. */
if (pid <= 0) {
SYSERROR("failed to create subprocess");
SYSERROR("Failed to create subprocess.");
shutdown(ipc_sockets[1], SHUT_RDWR);
rexit(-1);
}
/* tell grandparent the pid of the pid of the newly created child */
/* Tell grandparent the pid of the pid of the newly created child. */
ret = lxc_write_nointr(ipc_sockets[1], &pid, sizeof(pid));
if (ret != sizeof(pid)) {
/* if this really happens here, this is very unfortunate, since the
* parent will not know the pid of the attached process and will
* not be able to wait for it (and we won't either due to CLONE_PARENT)
* so the parent won't be able to reap it and the attached process
* will remain a zombie
/* If this really happens here, this is very unfortunate, since
* the parent will not know the pid of the attached process and
* will not be able to wait for it (and we won't either due to
* CLONE_PARENT) so the parent won't be able to reap it and the
* attached process will remain a zombie.
*/
ERROR("error using IPC to notify main process of pid of the attached process");
ERROR("Intended to send pid %d: %s.", pid, strerror(errno));
shutdown(ipc_sockets[1], SHUT_RDWR);
rexit(-1);
}
/* the rest is in the hands of the initial and the attached process */
/* The rest is in the hands of the initial and the attached process. */
rexit(0);
}
......@@ -1115,22 +1112,22 @@ static int attach_child_main(void* data)
uid_t new_uid;
gid_t new_gid;
/* wait for the initial thread to signal us that it's ready
* for us to start initializing
/* Wait for the initial thread to signal us that it's ready for us to
* start initializing.
*/
expected = 0;
status = -1;
ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected);
if (ret <= 0) {
ERROR("Error using IPC to receive notification from initial process (0): %s.", strerror(errno));
ERROR("Expected to receive sequence number 0: %s.", strerror(errno));
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
/* A description of the purpose of this functionality is
* provided in the lxc-attach(1) manual page. We have to
* remount here and not in the parent process, otherwise
* /proc may not properly reflect the new pid namespace.
/* A description of the purpose of this functionality is provided in the
* lxc-attach(1) manual page. We have to remount here and not in the
* parent process, otherwise /proc may not properly reflect the new pid
* namespace.
*/
if (!(options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_REMOUNT_PROC_SYS)) {
ret = lxc_attach_remount_sys_proc();
......@@ -1140,7 +1137,7 @@ static int attach_child_main(void* data)
}
}
/* now perform additional attachments*/
/* Now perform additional attachments. */
#if HAVE_SYS_PERSONALITY_H
if (options->personality < 0)
new_personality = init_ctx->personality;
......@@ -1150,7 +1147,7 @@ static int attach_child_main(void* data)
if (options->attach_flags & LXC_ATTACH_SET_PERSONALITY) {
ret = personality(new_personality);
if (ret < 0) {
SYSERROR("could not ensure correct architecture");
SYSERROR("Could not ensure correct architecture.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
......@@ -1160,25 +1157,27 @@ static int attach_child_main(void* data)
if (options->attach_flags & LXC_ATTACH_DROP_CAPABILITIES) {
ret = lxc_attach_drop_privs(init_ctx);
if (ret < 0) {
ERROR("could not drop privileges");
ERROR("Could not drop privileges.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
}
/* always set the environment (specify (LXC_ATTACH_KEEP_ENV, NULL, NULL) if you want this to be a no-op) */
/* Always set the environment (specify (LXC_ATTACH_KEEP_ENV, NULL, NULL)
* if you want this to be a no-op).
*/
ret = lxc_attach_set_environment(options->env_policy, options->extra_env_vars, options->extra_keep_env);
if (ret < 0) {
ERROR("could not set initial environment for attached process");
ERROR("Could not set initial environment for attached process.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
/* set user / group id */
/* Set {u,g}id. */
new_uid = 0;
new_gid = 0;
/* ignore errors, we will fall back to root in that case
* (/proc was not mounted etc.)
/* Ignore errors, we will fall back to root in that case (/proc was not
* mounted etc.).
*/
if (options->namespaces & CLONE_NEWUSER)
lxc_attach_get_init_uidgid(&new_uid, &new_gid);
......@@ -1188,54 +1187,52 @@ static int attach_child_main(void* data)
if (options->gid != (gid_t)-1)
new_gid = options->gid;
/* setup the control tty */
/* Setup the controlling tty. */
if (options->stdin_fd && isatty(options->stdin_fd)) {
if (setsid() < 0) {
SYSERROR("unable to setsid");
SYSERROR("Unable to setsid.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
if (ioctl(options->stdin_fd, TIOCSCTTY, (char *)NULL) < 0) {
SYSERROR("unable to TIOCSTTY");
SYSERROR("Unable to set TIOCSTTY.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
}
/* try to set the uid/gid combination */
/* Try to set the {u,g}id combination. */
if ((new_gid != 0 || options->namespaces & CLONE_NEWUSER)) {
if (setgid(new_gid) || setgroups(0, NULL)) {
SYSERROR("switching to container gid");
SYSERROR("Switching to container gid.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
}
if ((new_uid != 0 || options->namespaces & CLONE_NEWUSER) && setuid(new_uid)) {
SYSERROR("switching to container uid");
SYSERROR("Switching to container uid.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
/* tell initial process it may now put us into the cgroups */
/* Tell initial process it may now put us into cgroups. */
status = 1;
ret = lxc_write_nointr(ipc_socket, &status, sizeof(status));
if (ret != sizeof(status)) {
ERROR("Error using IPC to notify initial process for initialization (1): %s.", strerror(errno));
ERROR("Intended to send sequence number 1: %s.", strerror(errno));
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
/* wait for the initial thread to signal us that it has done
* everything for us when it comes to cgroups etc.
/* Wait for the initial thread to signal us that it has done everything
* for us when it comes to cgroups etc.
*/
expected = 2;
status = -1;
ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected);
if (ret <= 0) {
ERROR("Error using IPC to receive message from initial process "
"that it is done pre-initializing (2): %s",
strerror(errno));
ERROR("Expected to receive sequence number 2: %s", strerror(errno));
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
......@@ -1258,7 +1255,7 @@ static int attach_child_main(void* data)
status = 3;
ret = lxc_write_nointr(ipc_socket, &status, sizeof(status));
if (ret <= 0) {
ERROR("Error using IPC to tell parent to set up LSM labels (3): %s.", strerror(errno));
ERROR("Intended to send sequence number 3: %s.", strerror(errno));
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
......@@ -1268,7 +1265,7 @@ static int attach_child_main(void* data)
/* Receive fd for LSM security module. */
ret = lxc_abstract_unix_recv_fd(ipc_socket, &lsm_labelfd, NULL, 0);
if (ret <= 0) {
ERROR("Error using IPC for parent to tell us LSM label fd (4): %s.", strerror(errno));
ERROR("Expected to receive file descriptor: %s.", strerror(errno));
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
......@@ -1287,7 +1284,7 @@ static int attach_child_main(void* data)
if (init_ctx->container && init_ctx->container->lxc_conf &&
init_ctx->container->lxc_conf->seccomp &&
(lxc_seccomp_load(init_ctx->container->lxc_conf) != 0)) {
ERROR("Loading seccomp policy");
ERROR("Failed to load seccomp policy.");
shutdown(ipc_socket, SHUT_RDWR);
rexit(-1);
}
......@@ -1296,16 +1293,15 @@ static int attach_child_main(void* data)
close(ipc_socket);
lxc_proc_put_context_info(init_ctx);
/* The following is done after the communication socket is
* shut down. That way, all errors that might (though
* unlikely) occur up until this point will have their messages
* printed to the original stderr (if logging is so configured)
* and not the fd the user supplied, if any.
/* The following is done after the communication socket is shut down.
* That way, all errors that might (though unlikely) occur up until this
* point will have their messages printed to the original stderr (if
* logging is so configured) and not the fd the user supplied, if any.
*/
/* fd handling for stdin, stdout and stderr;
* ignore errors here, user may want to make sure
* the fds are closed, for example */
/* Fd handling for stdin, stdout and stderr; ignore errors here, user
* may want to make sure the fds are closed, for example.
*/
if (options->stdin_fd >= 0 && options->stdin_fd != 0)
dup2(options->stdin_fd, 0);
if (options->stdout_fd >= 0 && options->stdout_fd != 1)
......@@ -1321,18 +1317,19 @@ static int attach_child_main(void* data)
if (options->stderr_fd > 2)
close(options->stderr_fd);
/* try to remove CLOEXEC flag from stdin/stdout/stderr,
* but also here, ignore errors */
/* Try to remove FD_CLOEXEC flag from stdin/stdout/stderr, but also
* here, ignore errors.
*/
for (fd = 0; fd <= 2; fd++) {
flags = fcntl(fd, F_GETFL);
if (flags < 0)
continue;
if (flags & FD_CLOEXEC)
if (fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC) < 0)
SYSERROR("Unable to clear CLOEXEC from fd");
SYSERROR("Unable to clear FD_CLOEXEC from file descriptor.");
}
/* we're done, so we can now do whatever the user intended us to do */
/* We're done, so we can now do whatever the user intended us to do. */
rexit(payload->exec_function(payload->exec_payload));
}
......@@ -1341,7 +1338,7 @@ int lxc_attach_run_command(void* payload)
lxc_attach_command_t* cmd = (lxc_attach_command_t*)payload;
execvp(cmd->program, cmd->argv);
SYSERROR("failed to exec '%s'", cmd->program);
SYSERROR("Failed to exec \"%s\".", cmd->program);
return -1;
}
......@@ -1351,18 +1348,17 @@ int lxc_attach_run_shell(void* payload)
struct passwd *passwd;
char *user_shell;
/* ignore payload parameter */
/* Ignore payload parameter. */
(void)payload;
uid = getuid();
passwd = getpwuid(uid);
/* this probably happens because of incompatible nss
* implementations in host and container (remember, this
* code is still using the host's glibc but our mount
* namespace is in the container)
* we may try to get the information by spawning a
* [getent passwd uid] process and parsing the result
/* This probably happens because of incompatible nss implementations in
* host and container (remember, this code is still using the host's
* glibc but our mount namespace is in the container) we may try to get
* the information by spawning a [getent passwd uid] process and parsing
* the result.
*/
if (!passwd)
user_shell = lxc_attach_getpwshell(uid);
......@@ -1372,10 +1368,10 @@ int lxc_attach_run_shell(void* payload)
if (user_shell)
execlp(user_shell, user_shell, (char *)NULL);
/* executed if either no passwd entry or execvp fails,
* we will fall back on /bin/sh as a default shell
/* Executed if either no passwd entry or execvp fails, we will fall back
* on /bin/sh as a default shell.
*/
execlp("/bin/sh", "/bin/sh", (char *)NULL);
SYSERROR("failed to exec shell");
SYSERROR("Failed to exec shell.");
return -1;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment