proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 15:49:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

confile: add lxc.hook.version

Browse Source 
Unblocks #2013.
Unblocks #2015.
Closes #1766.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2017-12-10 12:53:25 +01:00
parent 45acc1bd8c
commit 44ae0fb6ca
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
5 changed files with 111 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
doc/lxc.container.conf.sgml.in
View File

@ -1636,9 +1636,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
at various times in a container's lifetime. at various times in a container's lifetime.
</para> </para>
<para> <para>
When a container hook is executed, information is passed both When a container hook is executed, additional information is passed
as command line arguments and through environment variables. along. The <option>lxc.hook.version</option> argument can be used to
The arguments are: determine if the following arguments are passed as command line
arguments or through environment variables. The arguments are:
<itemizedlist> <itemizedlist>
<listitem><para> Container name. </para></listitem> <listitem><para> Container name. </para></listitem>
<listitem><para> Section (always 'lxc'). </para></listitem> <listitem><para> Section (always 'lxc'). </para></listitem>
@ -1652,13 +1653,28 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
</itemizedlist> </itemizedlist>
The following environment variables are set: The following environment variables are set:
<itemizedlist> <itemizedlist>
<listitem><para> LXC_CGNS_AWARE: indicator whether the container is
cgroup namespace aware. </para></listitem>
<listitem><para> LXC_CONFIG_FILE: the path to the container
configuration file. </para></listitem>
<listitem><para> LXC_HOOK_TYPE: the hook type (e.g. 'clone', 'mount',
'pre-mount'). Note that the existence of this environment variable is
conditional on the value of <option>lxc.hook.version</option>. If it
is set to 1 then LXC_HOOK_TYPE will be set.
</para></listitem>
<listitem><para> LXC_HOOK_SECTION: the section type (e.g. 'lxc',
'net'). Note that the existence of this environment variable is
conditional on the value of <option>lxc.hook.version</option>. If it
is set to 1 then LXC_HOOK_SECTION will be set.
</para></listitem>
<listitem><para> LXC_LOG_LEVEL: the container's log level. </para></listitem>
<listitem><para> LXC_NAME: is the container's name. </para></listitem> <listitem><para> LXC_NAME: is the container's name. </para></listitem>
<listitem><para> LXC_ROOTFS_MOUNT: the path to the mounted root filesystem. </para></listitem> <listitem><para> LXC_ROOTFS_MOUNT: the path to the mounted root filesystem. </para></listitem>
<listitem><para> LXC_CONFIG_FILE: the path to the container configuration file. </para></listitem> <listitem><para> LXC_ROOTFS_PATH: this is the lxc.rootfs.path entry
<listitem><para> LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. </para></listitem> for the container. Note this is likely not where the mounted rootfs is
<listitem><para> LXC_ROOTFS_PATH: this is the lxc.rootfs.path entry for the container. Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. </para></listitem> to be found, use LXC_ROOTFS_MOUNT for that. </para></listitem>
<listitem><para> LXC_CGNS_AWARE: indicated whether the container is cgroup namespace aware. </para></listitem> <listitem><para> LXC_SRC_NAME: in the case of the clone hook, this is
<listitem><para> LXC_LOG_LEVEL: the container's log level. </para></listitem> the original container's name. </para></listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<para> <para>
@ -1666,6 +1682,28 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Standard error is not logged, but can be captured by the Standard error is not logged, but can be captured by the
hook redirecting its standard error to standard output. hook redirecting its standard error to standard output.
</para> </para>
<variablelist>
<varlistentry>
<term>
<option>lxc.hook.version</option>
</term>
<listitem>
<para>
To pass the arguments in new style via environment variables set to
1 otherwise set to 0 to pass them as arguments.
This setting affects all hooks arguments that were traditionally
passed as arguments to the script. Specifically, it affects the
container name, section (e.g. 'lxc', 'net') and hook type (e.g.
'clone', 'mount', 'pre-mount') arguments. If new-style hooks are
used then the arguments will be available as environment variables.
The container name will be set in LXC_NAME. (This is set
independently of the value used for this config item.) The section
will be set in LXC_HOOK_SECTION and the hook type will be set in
LXC_HOOK_TYPE.
</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term> <term>

1
src/lxc/conf.c
View File

@ -2484,6 +2484,7 @@ struct lxc_conf *lxc_conf_init(void)
lxc_list_init(&new->limits); lxc_list_init(&new->limits);
lxc_list_init(&new->sysctls); lxc_list_init(&new->sysctls);
lxc_list_init(&new->procs); lxc_list_init(&new->procs);
new->hooks_version = 0;
for (i = 0; i < NUM_LXC_HOOKS; i++) for (i = 0; i < NUM_LXC_HOOKS; i++)
lxc_list_init(&new->hooks[i]); lxc_list_init(&new->hooks[i]);
lxc_list_init(&new->groups); lxc_list_init(&new->groups);

4
src/lxc/conf.h
View File

@ -295,7 +295,11 @@ struct lxc_conf {
struct lxc_rootfs rootfs; struct lxc_rootfs rootfs;
char *ttydir; char *ttydir;
int close_all_fds; int close_all_fds;
struct {
unsigned int hooks_version;
struct lxc_list hooks[NUM_LXC_HOOKS]; struct lxc_list hooks[NUM_LXC_HOOKS];
};
char *lsm_aa_profile; char *lsm_aa_profile;
unsigned int lsm_aa_allow_incomplete; unsigned int lsm_aa_allow_incomplete;

43
src/lxc/confile.c
View File

@ -92,6 +92,7 @@ lxc_config_define(ephemeral);
lxc_config_define(execute_cmd); lxc_config_define(execute_cmd);
lxc_config_define(group); lxc_config_define(group);
lxc_config_define(hooks); lxc_config_define(hooks);
lxc_config_define(hooks_version);
lxc_config_define(idmaps); lxc_config_define(idmaps);
lxc_config_define(includefiles); lxc_config_define(includefiles);
lxc_config_define(init_cmd); lxc_config_define(init_cmd);
@ -168,11 +169,12 @@ static struct lxc_config_t config[] = {
{ "lxc.hook.destroy", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.destroy", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.mount", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.mount", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.post-stop", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.post-stop", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.start-host", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.pre-start", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.pre-mount", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.pre-mount", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.pre-start", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.start", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.start", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.start-host", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.stop", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook.stop", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.hook.version", false, set_config_hooks_version, get_config_hooks_version, clr_config_hooks_version, },
{ "lxc.hook", false, set_config_hooks, get_config_hooks, clr_config_hooks, }, { "lxc.hook", false, set_config_hooks, get_config_hooks, clr_config_hooks, },
{ "lxc.idmap", false, set_config_idmaps, get_config_idmaps, clr_config_idmaps, }, { "lxc.idmap", false, set_config_idmaps, get_config_idmaps, clr_config_idmaps, },
{ "lxc.include", false, set_config_includefiles, get_config_includefiles, clr_config_includefiles, }, { "lxc.include", false, set_config_includefiles, get_config_includefiles, clr_config_includefiles, },
@ -980,6 +982,29 @@ static int set_config_hooks(const char *key, const char *value,
return -1; return -1;
} }
static int set_config_hooks_version(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data)
{
int ret;
unsigned int tmp;
if (lxc_config_value_empty(value))
return clr_config_hooks_version(key, lxc_conf, NULL);
ret = lxc_safe_uint(value, &tmp);
if (ret < 0)
return -1;
if (tmp > 1) {
ERROR("Invalid hook version specified. Currently only 0 "
"(legacy) and 1 are supported");
return -1;
}
lxc_conf->hooks_version = tmp;
return 0;
}
static int set_config_personality(const char *key, const char *value, static int set_config_personality(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data) struct lxc_conf *lxc_conf, void *data)
{ {
@ -3154,6 +3179,12 @@ static int get_config_hooks(const char *key, char *retv, int inlen,
return fulllen; return fulllen;
} }
static int get_config_hooks_version(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data)
{
return lxc_get_conf_int(c, retv, inlen, c->hooks_version);
}
static int get_config_net(const char *key, char *retv, int inlen, static int get_config_net(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
@ -3688,6 +3719,14 @@ static inline int clr_config_hooks(const char *key, struct lxc_conf *c,
return lxc_clear_hooks(c, key); return lxc_clear_hooks(c, key);
} }
static inline int clr_config_hooks_version(const char *key, struct lxc_conf *c,
void *data)
{
/* default to legacy hooks version */
c->hooks_version = 0;
return 0;
}
static inline int clr_config_net(const char *key, struct lxc_conf *c, static inline int clr_config_net(const char *key, struct lxc_conf *c,
void *data) void *data)
{ {

23
src/tests/parse_config_file.c
View File

@ -301,16 +301,16 @@ static int set_get_compare_clear_save_load_network(
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int ret;
struct lxc_container *c; struct lxc_container *c;
int fd = -1; int fd = -1, fret = EXIT_FAILURE;
int ret = EXIT_FAILURE;
char tmpf[] = "lxc-parse-config-file-XXXXXX"; char tmpf[] = "lxc-parse-config-file-XXXXXX";
char retval[4096] = {0}; char retval[4096] = {0};
fd = mkstemp(tmpf); fd = mkstemp(tmpf);
if (fd < 0) { if (fd < 0) {
lxc_error("%s\n", "Could not create temporary file"); lxc_error("%s\n", "Could not create temporary file");
exit(ret); exit(fret);
} }
close(fd); close(fd);
@ -1110,10 +1110,23 @@ int main(int argc, char *argv[])
goto non_test_error; goto non_test_error;
} }
ret = EXIT_SUCCESS; ret = set_get_compare_clear_save_load(c, "lxc.hook.version", "1", tmpf, true);
if (ret < 0) {
lxc_error("%s\n", "lxc.hook.version");
goto non_test_error;
}
ret = set_get_compare_clear_save_load(c, "lxc.hook.version", "2", tmpf, true);
if (ret == 0) {
lxc_error("%s\n", "lxc.hook.version");
goto non_test_error;
}
fret = EXIT_SUCCESS;
non_test_error: non_test_error:
(void)unlink(tmpf); (void)unlink(tmpf);
(void)rmdir(dirname(c->configfile)); (void)rmdir(dirname(c->configfile));
lxc_container_put(c); lxc_container_put(c);
exit(ret); exit(fret);
} }