2014-01-08 21:47:57 -05:00
|
|
|
package lxc
|
|
|
|
|
|
|
|
import (
|
2014-01-09 18:04:45 -05:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2014-01-08 21:47:57 -05:00
|
|
|
"github.com/dotcloud/docker/execdriver"
|
2014-01-10 21:21:41 -05:00
|
|
|
"github.com/dotcloud/docker/utils"
|
|
|
|
"io/ioutil"
|
2014-01-10 21:09:07 -05:00
|
|
|
"os"
|
2014-01-08 21:47:57 -05:00
|
|
|
"os/exec"
|
2014-01-10 21:09:07 -05:00
|
|
|
"path"
|
2014-01-08 21:47:57 -05:00
|
|
|
"strconv"
|
2014-01-09 18:04:45 -05:00
|
|
|
"strings"
|
|
|
|
"time"
|
2014-01-08 21:47:57 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
startPath = "lxc-start"
|
|
|
|
)
|
|
|
|
|
2014-01-09 18:04:45 -05:00
|
|
|
var (
|
|
|
|
ErrNotRunning = errors.New("Process could not be started")
|
|
|
|
ErrWaitTimeoutReached = errors.New("Wait timeout reached")
|
|
|
|
)
|
|
|
|
|
2014-01-08 21:47:57 -05:00
|
|
|
type driver struct {
|
2014-01-10 21:21:41 -05:00
|
|
|
root string // root path for the driver to use
|
|
|
|
apparmor bool
|
|
|
|
sharedRoot bool
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
|
|
|
|
2014-01-10 21:09:07 -05:00
|
|
|
func NewDriver(root string, apparmor bool) (execdriver.Driver, error) {
|
2014-01-08 21:47:57 -05:00
|
|
|
// setup unconfined symlink
|
2014-01-10 21:09:07 -05:00
|
|
|
if err := linkLxcStart(root); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2014-01-09 18:04:45 -05:00
|
|
|
return &driver{
|
2014-01-10 21:21:41 -05:00
|
|
|
apparmor: apparmor,
|
|
|
|
root: root,
|
|
|
|
sharedRoot: rootIsShared(),
|
2014-01-09 18:04:45 -05:00
|
|
|
}, nil
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
|
|
|
|
2014-01-09 18:04:45 -05:00
|
|
|
func (d *driver) Start(c *execdriver.Process) error {
|
2014-01-08 21:47:57 -05:00
|
|
|
params := []string{
|
|
|
|
startPath,
|
2014-01-10 17:26:29 -05:00
|
|
|
"-n", c.ID,
|
2014-01-09 18:04:45 -05:00
|
|
|
"-f", c.ConfigPath,
|
2014-01-08 21:47:57 -05:00
|
|
|
"--",
|
|
|
|
c.InitPath,
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.Network != nil {
|
|
|
|
params = append(params,
|
|
|
|
"-g", c.Network.Gateway,
|
2014-01-09 18:04:45 -05:00
|
|
|
"-i", fmt.Sprintf("%s/%d", c.Network.IPAddress, c.Network.IPPrefixLen),
|
|
|
|
"-mtu", strconv.Itoa(c.Network.Mtu),
|
2014-01-08 21:47:57 -05:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.User != "" {
|
|
|
|
params = append(params, "-u", c.User)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.Privileged {
|
2014-01-10 21:09:07 -05:00
|
|
|
if d.apparmor {
|
|
|
|
params[0] = path.Join(d.root, "lxc-start-unconfined")
|
|
|
|
|
|
|
|
}
|
2014-01-08 21:47:57 -05:00
|
|
|
params = append(params, "-privileged")
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.WorkingDir != "" {
|
|
|
|
params = append(params, "-w", c.WorkingDir)
|
|
|
|
}
|
|
|
|
|
2014-01-10 21:21:41 -05:00
|
|
|
if d.sharedRoot {
|
|
|
|
// lxc-start really needs / to be non-shared, or all kinds of stuff break
|
|
|
|
// when lxc-start unmount things and those unmounts propagate to the main
|
|
|
|
// mount namespace.
|
|
|
|
// What we really want is to clone into a new namespace and then
|
|
|
|
// mount / MS_REC|MS_SLAVE, but since we can't really clone or fork
|
|
|
|
// without exec in go we have to do this horrible shell hack...
|
|
|
|
shellString :=
|
|
|
|
"mount --make-rslave /; exec " +
|
|
|
|
utils.ShellQuoteArguments(params)
|
|
|
|
|
|
|
|
params = []string{
|
|
|
|
"unshare", "-m", "--", "/bin/sh", "-c", shellString,
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2014-01-08 21:47:57 -05:00
|
|
|
params = append(params, "--", c.Entrypoint)
|
2014-01-10 14:44:35 -05:00
|
|
|
params = append(params, c.Arguments...)
|
2014-01-08 21:47:57 -05:00
|
|
|
|
2014-01-10 14:44:35 -05:00
|
|
|
var (
|
|
|
|
name = params[0]
|
|
|
|
arg = params[1:]
|
|
|
|
)
|
|
|
|
aname, err := exec.LookPath(name)
|
|
|
|
if err != nil {
|
|
|
|
aname = name
|
2014-01-09 18:04:45 -05:00
|
|
|
}
|
2014-01-10 14:44:35 -05:00
|
|
|
c.Path = aname
|
|
|
|
c.Args = append([]string{name}, arg...)
|
|
|
|
|
|
|
|
if err := c.Start(); err != nil {
|
2014-01-08 21:47:57 -05:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2014-01-10 18:06:16 -05:00
|
|
|
go func() {
|
|
|
|
if err := c.Wait(); err != nil {
|
|
|
|
c.WaitError = err
|
|
|
|
}
|
|
|
|
close(c.WaitLock)
|
|
|
|
}()
|
|
|
|
|
2014-01-08 21:47:57 -05:00
|
|
|
// Poll for running
|
2014-01-10 14:44:35 -05:00
|
|
|
if err := d.waitForStart(c); err != nil {
|
2014-01-08 21:47:57 -05:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2014-01-09 18:04:45 -05:00
|
|
|
func (d *driver) Kill(c *execdriver.Process, sig int) error {
|
|
|
|
return d.kill(c, sig)
|
|
|
|
}
|
2014-01-08 21:47:57 -05:00
|
|
|
|
2014-01-10 18:06:16 -05:00
|
|
|
func (d *driver) Wait(id string, duration time.Duration) error {
|
2014-01-09 18:04:45 -05:00
|
|
|
var (
|
|
|
|
killer bool
|
2014-01-10 18:06:16 -05:00
|
|
|
done = d.waitLxc(id, &killer)
|
2014-01-09 18:04:45 -05:00
|
|
|
)
|
2014-01-10 18:06:16 -05:00
|
|
|
|
2014-01-09 18:04:45 -05:00
|
|
|
if duration > 0 {
|
|
|
|
select {
|
|
|
|
case err := <-done:
|
|
|
|
return err
|
|
|
|
case <-time.After(duration):
|
|
|
|
killer = true
|
|
|
|
return ErrWaitTimeoutReached
|
|
|
|
}
|
|
|
|
} else {
|
2014-01-10 18:06:16 -05:00
|
|
|
return <-done
|
2014-01-09 18:04:45 -05:00
|
|
|
}
|
2014-01-09 21:48:34 -05:00
|
|
|
return nil
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
|
|
|
|
2014-01-10 21:09:07 -05:00
|
|
|
func (d *driver) Version() string {
|
|
|
|
version := ""
|
|
|
|
if output, err := exec.Command("lxc-version").CombinedOutput(); err == nil {
|
|
|
|
outputStr := string(output)
|
|
|
|
if len(strings.SplitN(outputStr, ":", 2)) == 2 {
|
|
|
|
version = strings.TrimSpace(strings.SplitN(outputStr, ":", 2)[1])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return version
|
|
|
|
}
|
|
|
|
|
2014-01-09 18:04:45 -05:00
|
|
|
func (d *driver) kill(c *execdriver.Process, sig int) error {
|
2014-01-10 18:34:03 -05:00
|
|
|
output, err := exec.Command("lxc-kill", "-n", c.ID, strconv.Itoa(sig)).CombinedOutput()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Err: %s Output: %s", err, output)
|
|
|
|
}
|
|
|
|
return nil
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
|
|
|
|
2014-01-10 14:44:35 -05:00
|
|
|
func (d *driver) waitForStart(c *execdriver.Process) error {
|
2014-01-10 17:26:29 -05:00
|
|
|
var (
|
|
|
|
err error
|
|
|
|
output []byte
|
|
|
|
)
|
2014-01-09 18:04:45 -05:00
|
|
|
// We wait for the container to be fully running.
|
|
|
|
// Timeout after 5 seconds. In case of broken pipe, just retry.
|
|
|
|
// Note: The container can run and finish correctly before
|
|
|
|
// the end of this loop
|
|
|
|
for now := time.Now(); time.Since(now) < 5*time.Second; {
|
2014-01-10 19:11:19 -05:00
|
|
|
select {
|
|
|
|
case <-c.WaitLock:
|
|
|
|
// If the process dies while waiting for it, just return
|
|
|
|
if c.ProcessState != nil && c.ProcessState.Exited() {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
default:
|
2014-01-10 17:26:29 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
output, err = d.getInfo(c)
|
2014-01-09 18:04:45 -05:00
|
|
|
if err != nil {
|
2014-01-10 17:26:29 -05:00
|
|
|
output, err = d.getInfo(c)
|
2014-01-09 18:04:45 -05:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if strings.Contains(string(output), "RUNNING") {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
time.Sleep(50 * time.Millisecond)
|
|
|
|
}
|
|
|
|
return ErrNotRunning
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
|
|
|
|
2014-01-10 18:06:16 -05:00
|
|
|
func (d *driver) waitLxc(id string, kill *bool) <-chan error {
|
2014-01-09 18:04:45 -05:00
|
|
|
done := make(chan error)
|
|
|
|
go func() {
|
|
|
|
for *kill {
|
2014-01-10 18:06:16 -05:00
|
|
|
output, err := exec.Command("lxc-info", "-n", id).CombinedOutput()
|
2014-01-09 18:04:45 -05:00
|
|
|
if err != nil {
|
|
|
|
done <- err
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if !strings.Contains(string(output), "RUNNING") {
|
|
|
|
done <- err
|
|
|
|
return
|
|
|
|
}
|
|
|
|
time.Sleep(500 * time.Millisecond)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
return done
|
2014-01-08 21:47:57 -05:00
|
|
|
}
|
2014-01-10 17:26:29 -05:00
|
|
|
|
|
|
|
func (d *driver) getInfo(c *execdriver.Process) ([]byte, error) {
|
|
|
|
return exec.Command("lxc-info", "-s", "-n", c.ID).CombinedOutput()
|
|
|
|
}
|
2014-01-10 21:09:07 -05:00
|
|
|
|
|
|
|
func linkLxcStart(root string) error {
|
|
|
|
sourcePath, err := exec.LookPath("lxc-start")
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
targetPath := path.Join(root, "lxc-start-unconfined")
|
|
|
|
|
|
|
|
if _, err := os.Lstat(targetPath); err != nil && !os.IsNotExist(err) {
|
|
|
|
return err
|
|
|
|
} else if err == nil {
|
|
|
|
if err := os.Remove(targetPath); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return os.Symlink(sourcePath, targetPath)
|
|
|
|
}
|
2014-01-10 21:21:41 -05:00
|
|
|
|
|
|
|
func rootIsShared() bool {
|
|
|
|
if data, err := ioutil.ReadFile("/proc/self/mountinfo"); err == nil {
|
|
|
|
for _, line := range strings.Split(string(data), "\n") {
|
|
|
|
cols := strings.Split(line, " ")
|
|
|
|
if len(cols) >= 6 && cols[4] == "/" {
|
|
|
|
return strings.HasPrefix(cols[6], "shared")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// No idea, probably safe to assume so
|
|
|
|
return true
|
|
|
|
}
|