Quoting Dwight Engen (dwight.en...@oracle.com):
> Moving these files should allow $lxcpath to be a read-only fs.
Thanks, nice cleanup too. One concern though - lxc_monitor_sock_name()
just keeps making a longer and longer path, and it's limited to 108
bytes. Is there any reason not to use an abstract unix sock for it?
The monitor-fifo doesn't have the length restriction so
$rundir/lxc/$lxcpath/monitor-fifo is ok for it.
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
> ---
> Tested lxc-monitor and lxc-wait as root, do not have environment to test
> unprivileged user (XDG_RUNTIME_DIR) case but believe that should work.
>
> src/lxc/lxc_monitord.c | 17 +++++++--------
> src/lxc/lxclock.c | 5 +----
> src/lxc/monitor.c | 56
> ++++++++++++++++++++++++++++++++++++++++++++------
> src/lxc/monitor.h | 2 ++
> src/lxc/utils.c | 10 +++++++++
> src/lxc/utils.h | 2 ++
> 6 files changed, 72 insertions(+), 20 deletions(-)
>
> diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c
> index c5e156e..fda6cf4 100644
> --- a/src/lxc/lxc_monitord.c
> +++ b/src/lxc/lxc_monitord.c
> @@ -76,11 +76,9 @@ static int lxc_monitord_fifo_create(struct lxc_monitor
> *mon)
> char fifo_path[PATH_MAX];
> int ret;
>
> - ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo",
> mon->lxcpath);
> - if (ret < 0 || ret >= sizeof(fifo_path)) {
> - ERROR("lxcpath too long to monitor fifo");
> - return -1;
> - }
> + ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path),
> 1);
> + if (ret < 0)
> + return ret;
>
> ret = mknod(fifo_path, S_IFIFO|S_IRUSR|S_IWUSR, 0);
> if (ret < 0) {
> @@ -102,11 +100,10 @@ static int lxc_monitord_fifo_delete(struct lxc_monitor
> *mon)
> char fifo_path[PATH_MAX];
> int ret;
>
> - ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo",
> mon->lxcpath);
> - if (ret < 0 || ret >= sizeof(fifo_path)) {
> - ERROR("lxcpath too long to monitor fifo");
> - return -1;
> - }
> + ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path),
> 0);
> + if (ret < 0)
> + return ret;
> +
> unlink(fifo_path);
> return 0;
> }
> diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c
> index 79ebf84..1d6a86c 100644
> --- a/src/lxc/lxclock.c
> +++ b/src/lxc/lxclock.c
> @@ -56,10 +56,7 @@ static char *lxclock_name(const char *p, const char *n)
>
> /* length of "/lock/lxc/" + $lxcpath + "/" + $lxcname + '\0' */
> len = strlen("/lock/lxc/") + strlen(n) + strlen(p) + 2;
> - rundir = getenv("XDG_RUNTIME_DIR");
> - if (geteuid() == 0 || rundir == NULL)
> - rundir = "/run";
> -
> + rundir = get_rundir();
> len += strlen(rundir);
>
> if ((dest = malloc(len)) == NULL)
> diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
> index 412d38f..bdcc581 100644
> --- a/src/lxc/monitor.c
> +++ b/src/lxc/monitor.c
> @@ -40,6 +40,7 @@
> #include "af_unix.h"
>
> #include <lxc/log.h>
> +#include <lxc/lxclock.h>
> #include <lxc/state.h>
> #include <lxc/monitor.h>
> #include <lxc/utils.h>
> @@ -47,17 +48,45 @@
> lxc_log_define(lxc_monitor, lxc);
>
> /* routines used by monitor publishers (containers) */
> +int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t
> fifo_path_sz,
> + int do_mkdirp)
> +{
> + int ret;
> + const char *rundir;
> +
> + rundir = get_rundir();
> + if (do_mkdirp) {
> + ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s", rundir,
> lxcpath);
> + if (ret < 0 || ret >= fifo_path_sz) {
> + ERROR("rundir/lxcpath (%s/%s) too long for monitor
> fifo", rundir, lxcpath);
> + return -1;
> + }
> + process_lock();
> + ret = mkdir_p(fifo_path, 0755);
> + process_unlock();
> + if (ret < 0) {
> + ERROR("unable to create monitor fifo dir %s",
> fifo_path);
> + return ret;
> + }
> + }
> + ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s/monitor-fifo",
> rundir, lxcpath);
> + if (ret < 0 || ret >= fifo_path_sz) {
> + ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo",
> rundir, lxcpath);
> + return -1;
> + }
> + return 0;
> +}
> +
> static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
> {
> int fd,ret;
> char fifo_path[PATH_MAX];
>
> BUILD_BUG_ON(sizeof(*msg) > PIPE_BUF); /* write not guaranteed atomic */
> - ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo",
> lxcpath);
> - if (ret < 0 || ret >= sizeof(fifo_path)) {
> - ERROR("lxcpath too long to open monitor fifo");
> +
> + ret = lxc_monitor_fifo_name(lxcpath, fifo_path, sizeof(fifo_path), 0);
> + if (ret < 0)
> return;
> - }
>
> fd = open(fifo_path, O_WRONLY);
> if (fd < 0) {
> @@ -98,6 +127,7 @@ int lxc_monitor_sock_name(const char *lxcpath, struct
> sockaddr_un *addr) {
> size_t len;
> int ret;
> char *sockname = &addr->sun_path[0]; // 1 for abstract
> + const char *rundir;
>
> /* addr.sun_path is only 108 bytes.
> * should we take a hash of lxcpath? a subset of it? ftok()? we need
> @@ -106,9 +136,23 @@ int lxc_monitor_sock_name(const char *lxcpath, struct
> sockaddr_un *addr) {
> memset(addr, 0, sizeof(*addr));
> addr->sun_family = AF_UNIX;
> len = sizeof(addr->sun_path) - 1;
> - ret = snprintf(sockname, len, "%s/monitor-sock", lxcpath);
> + rundir = get_rundir();
> + ret = snprintf(sockname, len, "%s/lxc/%s", rundir, lxcpath);
> + if (ret < 0 || ret >= len) {
> + ERROR("rundir/lxcpath (%s/%s) too long for monitor unix
> socket", rundir, lxcpath);
> + return -1;
> + }
> + process_lock();
> + ret = mkdir_p(sockname, 0755);
> + process_unlock();
> + if (ret < 0) {
> + ERROR("unable to create monitor sock %s", sockname);
> + return ret;
> + }
> +
> + ret = snprintf(sockname, len, "%s/lxc/%s/monitor-sock", rundir,
> lxcpath);
> if (ret < 0 || ret >= len) {
> - ERROR("lxcpath too long for unix socket");
> + ERROR("rundir/lxcpath (%s/%s) too long for monitor unix
> socket", rundir, lxcpath);
> return -1;
> }
> return 0;
> diff --git a/src/lxc/monitor.h b/src/lxc/monitor.h
> index 2a61091..8093919 100644
> --- a/src/lxc/monitor.h
> +++ b/src/lxc/monitor.h
> @@ -41,6 +41,8 @@ struct lxc_msg {
>
> extern int lxc_monitor_open(const char *lxcpath);
> extern int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un
> *addr);
> +extern int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path,
> + size_t fifo_path_sz, int do_mkdirp);
> extern void lxc_monitor_send_state(const char *name, lxc_state_t state,
> const char *lxcpath);
> extern int lxc_monitord_spawn(const char *lxcpath);
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index ba0604a..2e66585 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -318,6 +318,16 @@ const char *default_lxc_path(void)
> return lxc_global_config_value("lxcpath");
> }
>
> +const char *get_rundir()
> +{
> + const char *rundir;
> +
> + rundir = getenv("XDG_RUNTIME_DIR");
> + if (geteuid() == 0 || rundir == NULL)
> + rundir = "/run";
> + return rundir;
> +}
> +
> int wait_for_pid(pid_t pid)
> {
> int status, ret;
> diff --git a/src/lxc/utils.h b/src/lxc/utils.h
> index 1a7b551..9776d18 100644
> --- a/src/lxc/utils.h
> +++ b/src/lxc/utils.h
> @@ -37,6 +37,8 @@ extern int lxc_rmdir_onedev(char *path);
> extern int lxc_setup_fs(void);
> extern int get_u16(unsigned short *val, const char *arg, int base);
> extern int mkdir_p(const char *dir, mode_t mode);
> +extern const char *get_rundir(void);
> +
> /*
> * Return a buffer containing the default container path.
> * Caller must NOT free this buffer, since it may be static.
> --
> 1.8.1.4
>
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
