2014-10-23 04:45:23 +08:00
|
|
|
// +build linux
|
|
|
|
|
|
|
|
package libcontainer
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2014-11-01 04:56:53 +08:00
|
|
|
"fmt"
|
2014-10-23 04:45:23 +08:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
2014-11-01 04:56:53 +08:00
|
|
|
"regexp"
|
2016-03-23 06:41:49 +08:00
|
|
|
"runtime/debug"
|
2015-04-09 05:14:51 +08:00
|
|
|
"strconv"
|
2015-03-20 01:17:32 +08:00
|
|
|
"syscall"
|
2014-10-31 06:08:28 +08:00
|
|
|
|
2015-03-20 01:17:32 +08:00
|
|
|
"github.com/docker/docker/pkg/mount"
|
2015-06-22 10:29:59 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups/fs"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/configs/validate"
|
2016-01-26 10:15:44 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/utils"
|
2014-10-23 04:45:23 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2016-06-07 04:15:18 +08:00
|
|
|
stateFilename = "state.json"
|
|
|
|
execFifoFilename = "exec.fifo"
|
2014-10-23 04:45:23 +08:00
|
|
|
)
|
|
|
|
|
2014-11-01 04:56:53 +08:00
|
|
|
var (
|
2016-03-22 23:40:55 +08:00
|
|
|
idRegex = regexp.MustCompile(`^[\w+-\.]+$`)
|
2014-11-04 01:42:20 +08:00
|
|
|
maxIdLen = 1024
|
2014-11-01 04:56:53 +08:00
|
|
|
)
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
// InitArgs returns an options func to configure a LinuxFactory with the
|
2016-07-06 21:58:30 +08:00
|
|
|
// provided init binary path and arguments.
|
2015-02-14 07:43:14 +08:00
|
|
|
func InitArgs(args ...string) func(*LinuxFactory) error {
|
2017-01-25 06:53:59 +08:00
|
|
|
return func(l *LinuxFactory) (err error) {
|
|
|
|
if len(args) > 0 {
|
|
|
|
// Resolve relative paths to ensure that its available
|
|
|
|
// after directory changes.
|
|
|
|
if args[0], err = filepath.Abs(args[0]); err != nil {
|
|
|
|
return newGenericError(err, ConfigInvalid)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
l.InitArgs = args
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// SystemdCgroups is an options func to configure a LinuxFactory to return
|
|
|
|
// containers that use systemd to create and manage cgroups.
|
|
|
|
func SystemdCgroups(l *LinuxFactory) error {
|
|
|
|
l.NewCgroupsManager = func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
|
|
|
|
return &systemd.Manager{
|
|
|
|
Cgroups: config,
|
|
|
|
Paths: paths,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Cgroupfs is an options func to configure a LinuxFactory to return
|
|
|
|
// containers that use the native cgroups filesystem implementation to
|
|
|
|
// create and manage cgroups.
|
|
|
|
func Cgroupfs(l *LinuxFactory) error {
|
|
|
|
l.NewCgroupsManager = func(config *configs.Cgroup, paths map[string]string) cgroups.Manager {
|
|
|
|
return &fs.Manager{
|
|
|
|
Cgroups: config,
|
|
|
|
Paths: paths,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2015-03-20 01:17:32 +08:00
|
|
|
// TmpfsRoot is an option func to mount LinuxFactory.Root to tmpfs.
|
|
|
|
func TmpfsRoot(l *LinuxFactory) error {
|
|
|
|
mounted, err := mount.Mounted(l.Root)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !mounted {
|
|
|
|
if err := syscall.Mount("tmpfs", l.Root, "tmpfs", 0, ""); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-07-07 10:58:55 +08:00
|
|
|
// CriuPath returns an option func to configure a LinuxFactory with the
|
|
|
|
// provided criupath
|
|
|
|
func CriuPath(criupath string) func(*LinuxFactory) error {
|
|
|
|
return func(l *LinuxFactory) error {
|
|
|
|
l.CriuPath = criupath
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
// New returns a linux based container factory based in the root directory and
|
|
|
|
// configures the factory with the provided option funcs.
|
|
|
|
func New(root string, options ...func(*LinuxFactory) error) (Factory, error) {
|
2014-12-15 23:05:11 +08:00
|
|
|
if root != "" {
|
|
|
|
if err := os.MkdirAll(root, 0700); err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
l := &LinuxFactory{
|
|
|
|
Root: root,
|
2016-07-06 21:58:30 +08:00
|
|
|
InitArgs: []string{"/proc/self/exe", "init"},
|
2015-02-14 07:43:14 +08:00
|
|
|
Validator: validate.New(),
|
2015-05-19 05:52:26 +08:00
|
|
|
CriuPath: "criu",
|
2015-02-14 07:43:14 +08:00
|
|
|
}
|
|
|
|
Cgroupfs(l)
|
|
|
|
for _, opt := range options {
|
|
|
|
if err := opt(l); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return l, nil
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
// LinuxFactory implements the default factory interface for linux based systems.
|
|
|
|
type LinuxFactory struct {
|
|
|
|
// Root directory for the factory to store state.
|
|
|
|
Root string
|
|
|
|
|
|
|
|
// InitArgs are arguments for calling the init responsibilities for spawning
|
|
|
|
// a container.
|
|
|
|
InitArgs []string
|
|
|
|
|
2015-03-07 03:21:02 +08:00
|
|
|
// CriuPath is the path to the criu binary used for checkpoint and restore of
|
|
|
|
// containers.
|
|
|
|
CriuPath string
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
// Validator provides validation to container configurations.
|
|
|
|
Validator validate.Validator
|
|
|
|
|
|
|
|
// NewCgroupsManager returns an initialized cgroups manager for a single container.
|
|
|
|
NewCgroupsManager func(config *configs.Cgroup, paths map[string]string) cgroups.Manager
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, error) {
|
|
|
|
if l.Root == "" {
|
2014-12-15 23:05:11 +08:00
|
|
|
return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
|
|
|
|
}
|
2015-02-01 12:51:12 +08:00
|
|
|
if err := l.validateID(id); err != nil {
|
|
|
|
return nil, err
|
2014-11-04 01:42:20 +08:00
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
if err := l.Validator.Validate(config); err != nil {
|
2015-02-07 04:48:57 +08:00
|
|
|
return nil, newGenericError(err, ConfigInvalid)
|
|
|
|
}
|
2016-06-14 08:21:28 +08:00
|
|
|
uid, err := config.HostUID()
|
|
|
|
if err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
|
|
|
gid, err := config.HostGID()
|
|
|
|
if err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
containerRoot := filepath.Join(l.Root, id)
|
2015-02-01 12:51:12 +08:00
|
|
|
if _, err := os.Stat(containerRoot); err == nil {
|
2015-10-29 22:15:26 +08:00
|
|
|
return nil, newGenericError(fmt.Errorf("container with id exists: %v", id), IdInUse)
|
2014-11-04 01:42:20 +08:00
|
|
|
} else if !os.IsNotExist(err) {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
2014-11-01 04:56:53 +08:00
|
|
|
}
|
2016-06-14 08:21:28 +08:00
|
|
|
if err := os.MkdirAll(containerRoot, 0711); err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
|
|
|
if err := os.Chown(containerRoot, uid, gid); err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
2015-10-03 02:16:50 +08:00
|
|
|
c := &linuxContainer{
|
2014-12-15 23:05:11 +08:00
|
|
|
id: id,
|
|
|
|
root: containerRoot,
|
|
|
|
config: config,
|
2015-02-14 07:43:14 +08:00
|
|
|
initArgs: l.InitArgs,
|
2015-03-07 03:21:02 +08:00
|
|
|
criuPath: l.CriuPath,
|
2015-02-14 07:43:14 +08:00
|
|
|
cgroupManager: l.NewCgroupsManager(config.Cgroups, nil),
|
2015-10-03 02:16:50 +08:00
|
|
|
}
|
|
|
|
c.state = &stoppedState{c: c}
|
|
|
|
return c, nil
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
func (l *LinuxFactory) Load(id string) (Container, error) {
|
|
|
|
if l.Root == "" {
|
2014-12-15 23:05:11 +08:00
|
|
|
return nil, newGenericError(fmt.Errorf("invalid root"), ConfigInvalid)
|
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
containerRoot := filepath.Join(l.Root, id)
|
2016-08-26 01:23:35 +08:00
|
|
|
state, err := l.loadState(containerRoot, id)
|
2014-10-23 04:45:23 +08:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-03-13 12:45:43 +08:00
|
|
|
r := &nonChildProcess{
|
2015-02-12 06:45:07 +08:00
|
|
|
processPid: state.InitProcessPid,
|
|
|
|
processStartTime: state.InitProcessStartTime,
|
2015-04-29 19:35:21 +08:00
|
|
|
fds: state.ExternalDescriptors,
|
2015-02-07 13:12:27 +08:00
|
|
|
}
|
2015-10-03 02:16:50 +08:00
|
|
|
c := &linuxContainer{
|
2016-07-05 08:24:13 +08:00
|
|
|
initProcess: r,
|
|
|
|
initProcessStartTime: state.InitProcessStartTime,
|
|
|
|
id: id,
|
|
|
|
config: &state.Config,
|
|
|
|
initArgs: l.InitArgs,
|
|
|
|
criuPath: l.CriuPath,
|
|
|
|
cgroupManager: l.NewCgroupsManager(state.Config.Cgroups, state.CgroupPaths),
|
|
|
|
root: containerRoot,
|
|
|
|
created: state.Created,
|
2015-10-03 02:16:50 +08:00
|
|
|
}
|
2016-05-14 08:01:12 +08:00
|
|
|
c.state = &loadedState{c: c}
|
2016-01-22 08:48:05 +08:00
|
|
|
if err := c.refreshState(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-03 02:16:50 +08:00
|
|
|
return c, nil
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
|
|
|
|
2015-03-12 02:44:56 +08:00
|
|
|
func (l *LinuxFactory) Type() string {
|
|
|
|
return "libcontainer"
|
|
|
|
}
|
|
|
|
|
2015-02-01 12:51:12 +08:00
|
|
|
// StartInitialization loads a container by opening the pipe fd from the parent to read the configuration and state
|
|
|
|
// This is a low level implementation detail of the reexec and should not be consumed externally
|
2015-04-09 05:14:51 +08:00
|
|
|
func (l *LinuxFactory) StartInitialization() (err error) {
|
2016-11-28 22:25:06 +08:00
|
|
|
var (
|
|
|
|
pipefd, rootfd int
|
|
|
|
envInitPipe = os.Getenv("_LIBCONTAINER_INITPIPE")
|
|
|
|
envStateDir = os.Getenv("_LIBCONTAINER_STATEDIR")
|
|
|
|
)
|
2016-06-07 04:15:18 +08:00
|
|
|
|
2016-11-28 22:25:06 +08:00
|
|
|
// Get the INITPIPE.
|
|
|
|
pipefd, err = strconv.Atoi(envInitPipe)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE=%s to int: %s", envInitPipe, err)
|
2015-04-09 05:14:51 +08:00
|
|
|
}
|
2016-11-28 22:25:06 +08:00
|
|
|
|
2015-02-07 04:48:57 +08:00
|
|
|
var (
|
|
|
|
pipe = os.NewFile(uintptr(pipefd), "pipe")
|
|
|
|
it = initType(os.Getenv("_LIBCONTAINER_INITTYPE"))
|
|
|
|
)
|
2017-01-25 07:07:19 +08:00
|
|
|
defer pipe.Close()
|
|
|
|
|
2016-11-28 22:25:06 +08:00
|
|
|
// Only init processes have STATEDIR.
|
|
|
|
rootfd = -1
|
|
|
|
if it == initStandard {
|
|
|
|
rootfd, err = strconv.Atoi(envStateDir)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to convert _LIBCONTAINER_STATEDIR=%s to int: %s", envStateDir, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-02-07 04:48:57 +08:00
|
|
|
// clear the current process's environment to clean any libcontainer
|
|
|
|
// specific env vars.
|
|
|
|
os.Clearenv()
|
2016-06-07 04:15:18 +08:00
|
|
|
|
2016-03-10 09:48:12 +08:00
|
|
|
defer func() {
|
|
|
|
// We have an error during the initialization of the container's init,
|
|
|
|
// send it back to the parent process in the form of an initError.
|
2016-06-06 18:26:35 +08:00
|
|
|
if werr := utils.WriteJSON(pipe, syncT{procError}); werr != nil {
|
|
|
|
fmt.Fprintln(os.Stderr, err)
|
|
|
|
return
|
2015-02-01 13:21:06 +08:00
|
|
|
}
|
2016-06-14 08:21:28 +08:00
|
|
|
if werr := utils.WriteJSON(pipe, newSystemError(err)); werr != nil {
|
2016-10-18 06:54:51 +08:00
|
|
|
fmt.Fprintln(os.Stderr, err)
|
|
|
|
return
|
2016-03-10 09:48:12 +08:00
|
|
|
}
|
|
|
|
}()
|
2016-03-23 06:41:49 +08:00
|
|
|
defer func() {
|
|
|
|
if e := recover(); e != nil {
|
|
|
|
err = fmt.Errorf("panic from initialization: %v, %v", e, string(debug.Stack()))
|
|
|
|
}
|
|
|
|
}()
|
2017-01-25 07:07:19 +08:00
|
|
|
|
|
|
|
i, err := newContainerInit(it, pipe, rootfd)
|
2016-03-10 09:48:12 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2015-02-01 13:21:06 +08:00
|
|
|
}
|
2017-01-25 07:07:19 +08:00
|
|
|
|
|
|
|
// If Init succeeds, syscall.Exec will not return, hence none of the defers will be called.
|
2016-06-07 04:15:18 +08:00
|
|
|
return i.Init()
|
2015-02-01 12:51:12 +08:00
|
|
|
}
|
|
|
|
|
2016-08-26 01:23:35 +08:00
|
|
|
func (l *LinuxFactory) loadState(root, id string) (*State, error) {
|
2014-10-23 04:45:23 +08:00
|
|
|
f, err := os.Open(filepath.Join(root, stateFilename))
|
|
|
|
if err != nil {
|
|
|
|
if os.IsNotExist(err) {
|
2016-09-28 18:37:19 +08:00
|
|
|
return nil, newGenericError(fmt.Errorf("container %q does not exist", id), ContainerNotExists)
|
2014-10-23 04:45:23 +08:00
|
|
|
}
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
|
|
|
defer f.Close()
|
2015-02-12 06:45:07 +08:00
|
|
|
var state *State
|
2014-10-23 04:45:23 +08:00
|
|
|
if err := json.NewDecoder(f).Decode(&state); err != nil {
|
|
|
|
return nil, newGenericError(err, SystemError)
|
|
|
|
}
|
|
|
|
return state, nil
|
|
|
|
}
|
2014-12-15 23:05:11 +08:00
|
|
|
|
2015-02-14 07:43:14 +08:00
|
|
|
func (l *LinuxFactory) validateID(id string) error {
|
2015-02-01 12:51:12 +08:00
|
|
|
if !idRegex.MatchString(id) {
|
2015-10-29 22:15:26 +08:00
|
|
|
return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat)
|
2014-12-23 06:06:22 +08:00
|
|
|
}
|
2015-02-01 12:51:12 +08:00
|
|
|
if len(id) > maxIdLen {
|
2015-10-29 22:15:26 +08:00
|
|
|
return newGenericError(fmt.Errorf("invalid id format: %v", id), InvalidIdFormat)
|
2015-02-01 12:51:12 +08:00
|
|
|
}
|
|
|
|
return nil
|
2014-12-15 23:05:11 +08:00
|
|
|
}
|