Merge pull request #2354 from brauner/2018-05-26/config_cleanups

conf: cleanups, and bugfixes

src/lxc/conf.c

@@ -835,7 +835,7 @@ static int lxc_setup_dev_symlinks(const struct lxc_rootfs *rootfs)
 }
 
 /* Build a space-separate list of ptys to pass to systemd. */
-static bool append_ptyname(char **pp, char *name)
+static bool append_ttyname(char **pp, char *name)
 {
 	char *p;
 
@@ -863,13 +863,13 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 {
 	int i, ret;
 	const struct lxc_tty_info *ttys = &conf->ttys;
-	char *ttydir = conf->ttydir;
+	char *ttydir = ttys->dir;
 	char path[MAXPATHLEN], lxcpath[MAXPATHLEN];
 
 	if (!conf->rootfs.path)
 		return 0;
 
-	for (i = 0; i < ttys->nbtty; i++) {
+	for (i = 0; i < ttys->max; i++) {
 		struct lxc_terminal_info *tty = &ttys->tty[i];
 
 		ret = snprintf(path, sizeof(path), "/dev/tty%d", i + 1);
@@ -942,13 +942,13 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 			      path);
 		}
 
-		if (!append_ptyname(&conf->pty_names, tty->name)) {
+		if (!append_ttyname(&conf->ttys.tty_names, tty->name)) {
 			ERROR("Error setting up container_ttys string");
 			return -1;
 		}
 	}
 
-	INFO("Finished setting up %d /dev/tty<N> device(s)", ttys->nbtty);
+	INFO("Finished setting up %zu /dev/tty<N> device(s)", ttys->max);
 	return 0;
 }
 
@@ -958,21 +958,21 @@ int lxc_allocate_ttys(const char *name, struct lxc_conf *conf)
 	struct lxc_tty_info *ttys = &conf->ttys;
 
 	/* no tty in the configuration */
-	if (!conf->tty)
+	if (ttys->max == 0)
 		return 0;
 
-	ttys->tty = malloc(sizeof(*ttys->tty) * conf->tty);
+	ttys->tty = malloc(sizeof(*ttys->tty) * ttys->max);
 	if (!ttys->tty)
 		return -ENOMEM;
 
-	for (i = 0; i < conf->tty; i++) {
+	for (i = 0; i < ttys->max; i++) {
 		struct lxc_terminal_info *tty = &ttys->tty[i];
 
 		ret = openpty(&tty->master, &tty->slave,
 			      tty->name, NULL, NULL);
 		if (ret) {
 			SYSERROR("Failed to create tty %d", i);
-			ttys->nbtty = i;
+			ttys->max = i;
 			lxc_delete_tty(ttys);
 			return -ENOTTY;
 		}
@@ -996,17 +996,15 @@ int lxc_allocate_ttys(const char *name, struct lxc_conf *conf)
 		tty->busy = 0;
 	}
 
-	ttys->nbtty = conf->tty;
-
-	INFO("Finished creating %d tty devices", conf->tty);
+	INFO("Finished creating %zu tty devices", ttys->max);
 	return 0;
 }
 
 void lxc_delete_tty(struct lxc_tty_info *ttys)
 {
 	int i;
 
-	for (i = 0; i < ttys->nbtty; i++) {
+	for (i = 0; i < ttys->max; i++) {
 		struct lxc_terminal_info *tty = &ttys->tty[i];
 
 		close(tty->master);
@@ -1015,7 +1013,6 @@ void lxc_delete_tty(struct lxc_tty_info *ttys)
 
 	free(ttys->tty);
 	ttys->tty = NULL;
-	ttys->nbtty = 0;
 }
 
 static int lxc_send_ttys_to_parent(struct lxc_handler *handler)
@@ -1026,10 +1023,10 @@ static int lxc_send_ttys_to_parent(struct lxc_handler *handler)
 	struct lxc_tty_info *ttys = &conf->ttys;
 	int sock = handler->data_sock[0];
 
-	if (conf->tty == 0)
+	if (ttys->max == 0)
 		return 0;
 
-	for (i = 0; i < conf->tty; i++) {
+	for (i = 0; i < ttys->max; i++) {
 		int ttyfds[2];
 		struct lxc_terminal_info *tty = &ttys->tty[i];
 
@@ -1045,10 +1042,10 @@ static int lxc_send_ttys_to_parent(struct lxc_handler *handler)
 	}
 
 	if (ret < 0)
-		ERROR("Failed to send %d ttys to parent: %s", conf->tty,
+		ERROR("Failed to send %zu ttys to parent: %s", ttys->max,
 		      strerror(errno));
 	else
-		TRACE("Sent %d ttys to parent", conf->tty);
+		TRACE("Sent %zu ttys to parent", ttys->max);
 
 	return ret;
 }
@@ -1078,10 +1075,10 @@ static int lxc_create_ttys(struct lxc_handler *handler)
 		}
 	}
 
-	if (conf->pty_names) {
-		ret = setenv("container_ttys", conf->pty_names, 1);
+	if (conf->ttys.tty_names) {
+		ret = setenv("container_ttys", conf->ttys.tty_names, 1);
 		if (ret < 0)
-			SYSERROR("Failed to set \"container_ttys=%s\"", conf->pty_names);
+			SYSERROR("Failed to set \"container_ttys=%s\"", conf->ttys.tty_names);
 	}
 
 	ret = 0;
@@ -1526,14 +1523,14 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 	const char *default_devpts_mntopts = "gid=5,newinstance,ptmxmode=0666,mode=0620";
 	char devpts_mntopts[256];
 
-	if (conf->pts <= 0) {
+	if (conf->pty_max <= 0) {
 		DEBUG("No new devpts instance will be mounted since no pts "
 		      "devices are requested");
 		return 0;
 	}
 
-	ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%d",
-		       default_devpts_mntopts, conf->pts);
+	ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%zu",
+		       default_devpts_mntopts, conf->pty_max);
 	if (ret < 0 || (size_t)ret >= sizeof(devpts_mntopts))
 		return -1;
 
@@ -3480,7 +3477,7 @@ int lxc_setup(struct lxc_handler *handler)
 	}
 
 	ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console,
-				lxc_conf->ttydir);
+				lxc_conf->ttys.dir);
 	if (ret < 0) {
 		ERROR("Failed to setup console");
 		return -1;
@@ -3890,14 +3887,14 @@ void lxc_conf_free(struct lxc_conf *conf)
 	if (conf->logfd != -1)
 		close(conf->logfd);
 	free(conf->utsname);
-	free(conf->ttydir);
+	free(conf->ttys.dir);
+	free(conf->ttys.tty_names);
 	free(conf->fstab);
 	free(conf->rcfile);
 	free(conf->execute_cmd);
 	free(conf->init_cmd);
 	free(conf->init_cwd);
 	free(conf->unexpanded_config);
-	free(conf->pty_names);
 	free(conf->syslog);
 	lxc_free_networks(&conf->network);
 	free(conf->lsm_aa_profile);

src/lxc/conf.h

@@ -78,12 +78,13 @@ struct lxc_cgroup {
 };
 
 #if !HAVE_SYS_RESOURCE_H
-# define RLIM_INFINITY ((unsigned long)-1)
+#define RLIM_INFINITY ((unsigned long)-1)
 struct rlimit {
 	unsigned long rlim_cur;
 	unsigned long rlim_max;
 };
 #endif
+
 /*
  * Defines a structure to configure resource limits to set via setrlimit().
  * @resource : the resource name in lowercase without the RLIMIT_ prefix
@@ -136,10 +137,12 @@ struct id_map {
 
 /* Defines the number of tty configured and contains the
  * instantiated ptys
- * @nbtty = number of configured ttys
+ * @max = number of configured ttys
  */
 struct lxc_tty_info {
-	int nbtty;
+	size_t max;
+	char *dir;
+	char *tty_names;
 	struct lxc_terminal_info *tty;
 };
 
@@ -161,51 +164,34 @@ struct lxc_rootfs {
  * Automatic mounts for LXC to perform inside the container
  */
 enum {
-	LXC_AUTO_PROC_RW              = 0x001,   /* /proc read-write */
-	LXC_AUTO_PROC_MIXED           = 0x002,   /* /proc/sys and /proc/sysrq-trigger read-only */
+	LXC_AUTO_PROC_RW              = 0x001, /* /proc read-write */
+	LXC_AUTO_PROC_MIXED           = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
 	LXC_AUTO_PROC_MASK            = 0x003,
 
-	LXC_AUTO_SYS_RW               = 0x004,   /* /sys */
-	LXC_AUTO_SYS_RO               = 0x008,   /* /sys read-only */
-	LXC_AUTO_SYS_MIXED            = 0x00C,   /* /sys read-only and /sys/class/net read-write */
+	LXC_AUTO_SYS_RW               = 0x004, /* /sys */
+	LXC_AUTO_SYS_RO               = 0x008, /* /sys read-only */
+	LXC_AUTO_SYS_MIXED            = 0x00C, /* /sys read-only and /sys/class/net read-write */
 	LXC_AUTO_SYS_MASK             = 0x00C,
 
-	LXC_AUTO_CGROUP_RO            = 0x010,   /* /sys/fs/cgroup (partial mount, read-only) */
-	LXC_AUTO_CGROUP_RW            = 0x020,   /* /sys/fs/cgroup (partial mount, read-write) */
-	LXC_AUTO_CGROUP_MIXED         = 0x030,   /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
-	LXC_AUTO_CGROUP_FULL_RO       = 0x040,   /* /sys/fs/cgroup (full mount, read-only) */
-	LXC_AUTO_CGROUP_FULL_RW       = 0x050,   /* /sys/fs/cgroup (full mount, read-write) */
-	LXC_AUTO_CGROUP_FULL_MIXED    = 0x060,   /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
-	/* These are defined in such a way as to retain
-	 * binary compatibility with earlier versions of
-	 * this code. If the previous mask is applied,
-	 * both of these will default back to the _MIXED
-	 * variants, which is safe. */
-	LXC_AUTO_CGROUP_NOSPEC        = 0x0B0,   /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
-	LXC_AUTO_CGROUP_FULL_NOSPEC   = 0x0E0,   /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
-	LXC_AUTO_CGROUP_FORCE         = 0x100,   /* mount cgroups even when cgroup namespaces are supported */
-	LXC_AUTO_CGROUP_MASK          = 0x1F0,   /* all known cgroup options, doe not contain LXC_AUTO_CGROUP_FORCE */
-	LXC_AUTO_ALL_MASK             = 0x1FF,   /* all known settings */
+	LXC_AUTO_CGROUP_RO            = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
+	LXC_AUTO_CGROUP_RW            = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
+	LXC_AUTO_CGROUP_MIXED         = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
+	LXC_AUTO_CGROUP_FULL_RO       = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
+	LXC_AUTO_CGROUP_FULL_RW       = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
+	LXC_AUTO_CGROUP_FULL_MIXED    = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
+	/*
+	 * These are defined in such a way as to retain binary compatibility
+	 * with earlier versions of this code. If the previous mask is applied,
+	 * both of these will default back to the _MIXED variants, which is
+	 * safe.
+	 */
+	LXC_AUTO_CGROUP_NOSPEC        = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
+	LXC_AUTO_CGROUP_FULL_NOSPEC   = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
+	LXC_AUTO_CGROUP_FORCE         = 0x100, /* mount cgroups even when cgroup namespaces are supported */
+	LXC_AUTO_CGROUP_MASK          = 0x1F0, /* all known cgroup options, doe not contain LXC_AUTO_CGROUP_FORCE */
+	LXC_AUTO_ALL_MASK             = 0x1FF, /* all known settings */
 };
 
-/*
- * Defines the global container configuration
- * @rootfs     : root directory to run the container
- * @mount      : list of mount points
- * @tty        : numbers of tty
- * @pts        : new pts instance
- * @mount_list : list of mount point (alternative to fstab file)
- * @network    : network configuration
- * @utsname    : container utsname
- * @fstab      : path to a fstab file format
- * @caps       : list of the capabilities to drop
- * @keepcaps   : list of the capabilities to keep
- * @ttys       : tty data
- * @console    : console data
- * @ttydir     : directory (under /dev) in which to create console and ttys
- * @lsm_aa_profile : apparmor profile to switch to or NULL
- * @lsm_se_context : selinux type to switch to or NULL
- */
 enum lxchooks {
 	LXCHOOK_PRESTART,
 	LXCHOOK_PREMOUNT,
@@ -230,40 +216,52 @@ struct lxc_state_client {
 struct lxc_conf {
 	/* Pointer to the name of the container. Do not free! */
 	const char *name;
-	int is_execute;
-	char *fstab;
-	unsigned int tty;
-	unsigned int pts;
+	bool is_execute;
 	int reboot;
 	signed long personality;
 	struct utsname *utsname;
+
 	struct {
 		struct lxc_list cgroup;
 		struct lxc_list cgroup2;
 	};
+
 	struct {
 		struct lxc_list id_map;
 
-		/* Pointer to the idmap entry for the container's root uid in
-		 * the id_map list. Do not free! */
+		/*
+		 * Pointer to the idmap entry for the container's root uid in
+		 * the id_map list. Do not free!
+		 */
 		struct id_map *root_nsuid_map;
 
-		/* Pointer to the idmap entry for the container's root gid in
-		 * the id_map list. Do not free! */
+		/*
+		 * Pointer to the idmap entry for the container's root gid in
+		 * the id_map list. Do not free!
+		 */
 		struct id_map *root_nsgid_map;
 	};
+
 	struct lxc_list network;
-	int auto_mounts;
-	struct lxc_list mount_list;
+
+	struct {
+		char *fstab;
+		int auto_mounts;
+		struct lxc_list mount_list;
+	};
+
 	struct lxc_list caps;
 	struct lxc_list keepcaps;
+
+	/* /dev/tty<idx> devices */
 	struct lxc_tty_info ttys;
-	/* Comma-separated list of lxc.tty.max pty names. */
-	char *pty_names;
+	/* /dev/console device */
 	struct lxc_terminal console;
+	/* maximum pty devices allowed by devpts mount */
+	size_t pty_max;
+
 	struct lxc_rootfs rootfs;
-	char *ttydir;
-	int close_all_fds;
+	bool close_all_fds;
 
 	struct {
 		unsigned int hooks_version;