add a start-host hook (v2)

This should satisfy several use cases.  The one I tested for was CNI.
I replaced the network configuration in a root owned container with:

lxc.net.0.type = empty
lxc.hook.start-host = /bin/lxc-start-netns

where /bin/lxc-start-netns contained:

=================================

echo "starting" > /tmp/debug
ip link add host1 type veth peer name peer1
ip link set host1 master lxcbr0
ip link set host1 up
ip link set peer1 netns "${LXC_PID}"
=================================

The nic 'peer1' was placed into the container as expected.

For this to work, we pass the container init's pid as LXC_PID in
an environment variable, since lxc-info cannot work at that point.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>

doc/lxc.container.conf.sgml.in

@@ -1519,6 +1519,20 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
           </listitem>
         </varlistentry>
       </variablelist>
+      <variablelist>
+        <varlistentry>
+          <term>
+            <option>lxc.hook.start-host</option>
+          </term>
+          <listitem>
+            <para>
+              A hook to be run in the host's namespace after the
+              container has been setup, and immediately before starting
+	      the container init.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
       <variablelist>
         <varlistentry>
           <term>

src/lxc/conf.c

@@ -236,7 +236,8 @@ extern int memfd_create(const char *name, unsigned int flags);
 
 char *lxchook_names[NUM_LXC_HOOKS] = {"pre-start", "pre-mount", "mount",
 				      "autodev",   "start",     "stop",
-				      "post-stop", "clone",     "destroy"};
+				      "post-stop", "clone",     "destroy",
+				      "start-host"};
 
 struct mount_opt {
 	char *name;
@@ -3285,6 +3286,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
 
 	if (strcmp(hook, "pre-start") == 0)
 		which = LXCHOOK_PRESTART;
+	else if (strcmp(hook, "start-host") == 0)
+		which = LXCHOOK_START_HOST;
 	else if (strcmp(hook, "pre-mount") == 0)
 		which = LXCHOOK_PREMOUNT;
 	else if (strcmp(hook, "mount") == 0)

src/lxc/conf.h

@@ -228,6 +228,7 @@ enum lxchooks {
 	LXCHOOK_POSTSTOP,
 	LXCHOOK_CLONE,
 	LXCHOOK_DESTROY,
+	LXCHOOK_START_HOST,
 	NUM_LXC_HOOKS
 };
 

src/lxc/confile.c

@@ -155,6 +155,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.hook.destroy",              false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.mount",                false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.post-stop",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
+	{ "lxc.hook.start-host",           false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.pre-start",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.pre-mount",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.start",                false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
@@ -980,6 +981,8 @@ static int set_config_hooks(const char *key, const char *value,
 
 	if (strcmp(key + 9, "pre-start") == 0)
 		return add_hook(lxc_conf, LXCHOOK_PRESTART, copy);
+	else if (strcmp(key + 9, "start-host") == 0)
+		return add_hook(lxc_conf, LXCHOOK_START_HOST, copy);
 	else if (strcmp(key + 9, "pre-mount") == 0)
 		return add_hook(lxc_conf, LXCHOOK_PREMOUNT, copy);
 	else if (strcmp(key + 9, "autodev") == 0)
@@ -4445,6 +4448,7 @@ int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv,
 		strprint(retv, inlen, "post-stop\n");
 		strprint(retv, inlen, "pre-mount\n");
 		strprint(retv, inlen, "pre-start\n");
+		strprint(retv, inlen, "start-host\n");
 		strprint(retv, inlen, "start\n");
 		strprint(retv, inlen, "stop\n");
 	} else if (!strcmp(key, "lxc.cap")) {

src/lxc/start.c

@@ -1165,6 +1165,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 {
 	int i, flags, ret;
 	const char *name = handler->name;
+	char pidstr[20];
 	bool wants_to_map_ids;
 	int saved_ns_fd[LXC_NS_MAX];
 	struct lxc_list *id_map;
@@ -1355,13 +1356,23 @@ static int lxc_spawn(struct lxc_handler *handler)
 	cgroup_disconnect();
 	cgroups_connected = false;
 
+	snprintf(pidstr, 20, "%d", handler->pid);
+	if (setenv("LXC_PID", pidstr, 1))
+		SYSERROR("Failed to set environment variable: LXC_PID=%s.", pidstr);
+
+	/* Run any host-side start hooks */
+	if (run_lxc_hooks(name, "start-host", handler->conf, handler->lxcpath, NULL)) {
+		ERROR("Failed to run lxc.hook.start-host for container \"%s\".", name);
+		return -1;
+	}
+
 	/* Tell the child to complete its initialization and wait for it to exec
 	 * or return an error. (The child will never return
-	 * LXC_SYNC_POST_CGROUP+1. It will either close the sync pipe, causing
+	 * LXC_SYNC_READY_START+1. It will either close the sync pipe, causing
 	 * lxc_sync_barrier_child to return success, or return a different
 	 * value, causing us to error out).
 	 */
-	if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CGROUP))
+	if (lxc_sync_barrier_child(handler, LXC_SYNC_READY_START))
 		return -1;
 
 	if (lxc_network_recv_name_and_ifindex_from_child(handler) < 0) {

src/lxc/sync.h

@@ -32,7 +32,7 @@ enum {
 	LXC_SYNC_CGROUP,
 	LXC_SYNC_CGROUP_UNSHARE,
 	LXC_SYNC_CGROUP_LIMITS,
-	LXC_SYNC_POST_CGROUP,
+	LXC_SYNC_READY_START,
 	LXC_SYNC_RESTART,
 	LXC_SYNC_POST_RESTART,
 	LXC_SYNC_ERROR = -1 /* Used to report errors from another process */