int
virtTestCaptureProgramOutput(const char *const argv[], char **buf, int maxlen)
{
int pipefd[2];
int len;
if (pipe(pipefd) < 0)
return -1;
pid_t pid = fork();
switch (pid) {
case 0:
VIR_FORCE_CLOSE(pipefd[0]);
virtTestCaptureProgramExecChild(argv, pipefd[1]);
VIR_FORCE_CLOSE(pipefd[1]);
_exit(1);
case -1:
return -1;
default:
VIR_FORCE_CLOSE(pipefd[1]);
len = virFileReadLimFD(pipefd[0], maxlen, buf);
VIR_FORCE_CLOSE(pipefd[0]);
if (virProcessWait(pid, NULL) < 0)
return -1;
return len;
}
}
static int daemonForkIntoBackground(const char *argv0)
{
int statuspipe[2];
if (pipe(statuspipe) < 0)
return -1;
pid_t pid = fork();
switch (pid) {
case 0:
{
/* intermediate child */
int stdinfd = -1;
int stdoutfd = -1;
int nextpid;
VIR_FORCE_CLOSE(statuspipe[0]);
if ((stdinfd = open("/dev/null", O_RDONLY)) < 0)
goto cleanup;
if ((stdoutfd = open("/dev/null", O_WRONLY)) < 0)
goto cleanup;
if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
goto cleanup;
if (dup2(stdoutfd, STDOUT_FILENO) != STDOUT_FILENO)
goto cleanup;
if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
goto cleanup;
if (stdinfd > STDERR_FILENO && VIR_CLOSE(stdinfd) < 0)
goto cleanup;
if (stdoutfd > STDERR_FILENO && VIR_CLOSE(stdoutfd) < 0)
goto cleanup;
if (setsid() < 0)
goto cleanup;
nextpid = fork();
switch (nextpid) {
case 0: /* grandchild */
return statuspipe[1];
case -1: /* error */
goto cleanup;
default: /* intermediate child succeeded */
_exit(EXIT_SUCCESS);
}
cleanup:
VIR_FORCE_CLOSE(stdoutfd);
VIR_FORCE_CLOSE(stdinfd);
VIR_FORCE_CLOSE(statuspipe[1]);
_exit(EXIT_FAILURE);
}
case -1: /* error in parent */
goto error;
default:
{
/* parent */
int ret;
char status;
VIR_FORCE_CLOSE(statuspipe[1]);
/* We wait to make sure the first child forked successfully */
if (virProcessWait(pid, NULL, false) < 0)
goto error;
/* If we get here, then the grandchild was spawned, so we
* must exit. Block until the second child initializes
* successfully */
again:
ret = read(statuspipe[0], &status, 1);
if (ret == -1 && errno == EINTR)
goto again;
VIR_FORCE_CLOSE(statuspipe[0]);
if (ret != 1) {
char ebuf[1024];
fprintf(stderr,
_("%s: error: unable to determine if daemon is "
"running: %s\n"), argv0,
virStrerror(errno, ebuf, sizeof(ebuf)));
exit(EXIT_FAILURE);
} else if (status != 0) {
fprintf(stderr,
_("%s: error: %s. Check /var/log/messages or run "
"without --daemon for more info.\n"), argv0,
virDaemonErrTypeToString(status));
exit(EXIT_FAILURE);
}
_exit(EXIT_SUCCESS);
}
}
error:
VIR_FORCE_CLOSE(statuspipe[0]);
VIR_FORCE_CLOSE(statuspipe[1]);
return -1;
}
int
main(int argc, char **argv)
{
virConfPtr conf = NULL;
const char *login_shell_path = conf_file;
pid_t cpid = -1;
int ret = EXIT_CANCELED;
int status;
uid_t uid = getuid();
gid_t gid = getgid();
char *name = NULL;
char **shargv = NULL;
virSecurityModelPtr secmodel = NULL;
virSecurityLabelPtr seclabel = NULL;
virDomainPtr dom = NULL;
virConnectPtr conn = NULL;
char *homedir = NULL;
int arg;
int longindex = -1;
int ngroups;
gid_t *groups = NULL;
ssize_t nfdlist = 0;
int *fdlist = NULL;
int openmax;
size_t i;
struct option opt[] = {
{"help", no_argument, NULL, 'h'},
{"version", optional_argument, NULL, 'V'},
{NULL, 0, NULL, 0}
};
if (virInitialize() < 0) {
fprintf(stderr, _("Failed to initialize libvirt error handling"));
return EXIT_CANCELED;
}
setenv("PATH", "/bin:/usr/bin", 1);
virSetErrorFunc(NULL, NULL);
virSetErrorLogPriorityFunc(NULL);
progname = argv[0];
if (!setlocale(LC_ALL, "")) {
perror("setlocale");
/* failure to setup locale is not fatal */
}
if (!bindtextdomain(PACKAGE, LOCALEDIR)) {
perror("bindtextdomain");
return ret;
}
if (!textdomain(PACKAGE)) {
perror("textdomain");
return ret;
}
while ((arg = getopt_long(argc, argv, "hV", opt, &longindex)) != -1) {
switch (arg) {
case 'h':
usage();
exit(EXIT_SUCCESS);
case 'V':
show_version();
exit(EXIT_SUCCESS);
case '?':
default:
usage();
exit(EXIT_CANCELED);
}
}
if (argc > optind) {
virReportSystemError(EINVAL, _("%s takes no options"), progname);
goto cleanup;
}
if (uid == 0) {
virReportSystemError(EPERM, _("%s must be run by non root users"),
progname);
goto cleanup;
}
name = virGetUserName(uid);
if (!name)
goto cleanup;
homedir = virGetUserDirectoryByUID(uid);
if (!homedir)
goto cleanup;
if (!(conf = virConfReadFile(login_shell_path, 0)))
goto cleanup;
if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0)
goto cleanup;
if (virLoginShellAllowedUser(conf, name, groups) < 0)
goto cleanup;
if (!(shargv = virLoginShellGetShellArgv(conf)))
goto cleanup;
conn = virConnectOpen("lxc:///");
if (!conn)
goto cleanup;
dom = virDomainLookupByName(conn, name);
if (!dom)
goto cleanup;
if (!virDomainIsActive(dom) && virDomainCreate(dom)) {
virErrorPtr last_error;
last_error = virGetLastError();
if (last_error->code != VIR_ERR_OPERATION_INVALID) {
virReportSystemError(last_error->code,
_("Can't create %s container: %s"),
name, last_error->message);
goto cleanup;
}
}
openmax = sysconf(_SC_OPEN_MAX);
if (openmax < 0) {
virReportSystemError(errno, "%s",
_("sysconf(_SC_OPEN_MAX) failed"));
goto cleanup;
}
if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0)
goto cleanup;
if (VIR_ALLOC(secmodel) < 0)
goto cleanup;
if (VIR_ALLOC(seclabel) < 0)
goto cleanup;
if (virNodeGetSecurityModel(conn, secmodel) < 0)
goto cleanup;
if (virDomainGetSecurityLabel(dom, seclabel) < 0)
goto cleanup;
if (virSetUIDGID(0, 0, NULL, 0) < 0)
goto cleanup;
if (virDomainLxcEnterSecurityLabel(secmodel, seclabel, NULL, 0) < 0)
goto cleanup;
if (nfdlist > 0 &&
virDomainLxcEnterNamespace(dom, nfdlist, fdlist, NULL, NULL, 0) < 0)
goto cleanup;
if (virSetUIDGID(uid, gid, groups, ngroups) < 0)
goto cleanup;
if (chdir(homedir) < 0) {
virReportSystemError(errno, _("Unable to chdir(%s)"), homedir);
goto cleanup;
}
/* A fork is required to create new process in correct pid namespace. */
if ((cpid = virFork()) < 0)
goto cleanup;
if (cpid == 0) {
int tmpfd;
for (i = 3; i < openmax; i++) {
tmpfd = i;
VIR_MASS_CLOSE(tmpfd);
}
if (execv(shargv[0], (char *const*) shargv) < 0) {
virReportSystemError(errno, _("Unable to exec shell %s"),
shargv[0]);
virDispatchError(NULL);
return errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE;
}
}
/* At this point, the parent is now waiting for the child to exit,
* but as that may take a long time, we release resources now. */
cleanup:
if (nfdlist > 0)
for (i = 0; i < nfdlist; i++)
VIR_FORCE_CLOSE(fdlist[i]);
VIR_FREE(fdlist);
virConfFree(conf);
if (dom)
virDomainFree(dom);
if (conn)
virConnectClose(conn);
virStringFreeList(shargv);
VIR_FREE(name);
VIR_FREE(homedir);
VIR_FREE(seclabel);
VIR_FREE(secmodel);
VIR_FREE(groups);
if (virProcessWait(cpid, &status, true) == 0)
virProcessExitWithStatus(status);
if (virGetLastError())
virDispatchError(NULL);
return ret;
}