8
8
#include <sys/ioctl.h>
9
9
#include <sys/wait.h>
10
10
#include <sys/socket.h>
11
- #include <sys/mount.h>
12
11
#include <dirent.h>
13
12
#include <sched.h>
14
13
#include <errno.h>
24
23
#include "parse.h"
25
24
#include "syscall.h"
26
25
26
+ static int hyper_release_exec (struct hyper_exec * , struct hyper_pod * );
27
+ static void hyper_exec_process (struct hyper_exec * exec );
28
+
27
29
static int send_exec_finishing (uint64_t seq , int len , int code , int block )
28
30
{
29
31
struct hyper_buf * buf = & ctl .tty .wbuf ;
@@ -202,7 +204,7 @@ struct hyper_event_ops err_ops = {
202
204
/* don't need write buff, the stderr data is one way */
203
205
};
204
206
205
- int hyper_setup_exec_user (struct hyper_exec * exec )
207
+ static int hyper_setup_exec_user (struct hyper_exec * exec )
206
208
{
207
209
char * user = exec -> user == NULL || strlen (exec -> user ) == 0 ? NULL : exec -> user ;
208
210
char * group = exec -> group == NULL || strlen (exec -> group ) == 0 ? NULL : exec -> group ;
@@ -333,7 +335,7 @@ static int hyper_setup_exec_notty(struct hyper_exec *e)
333
335
return 0 ;
334
336
}
335
337
336
- int hyper_setup_exec_tty (struct hyper_exec * e )
338
+ static int hyper_setup_exec_tty (struct hyper_exec * e )
337
339
{
338
340
int unlock = 0 ;
339
341
int ptymaster ;
@@ -410,7 +412,7 @@ int hyper_setup_exec_tty(struct hyper_exec *e)
410
412
return 0 ;
411
413
}
412
414
413
- int hyper_dup_exec_tty (struct hyper_exec * e )
415
+ static int hyper_dup_exec_tty (struct hyper_exec * e )
414
416
{
415
417
int ret = -1 ;
416
418
@@ -457,7 +459,7 @@ int hyper_dup_exec_tty(struct hyper_exec *e)
457
459
return ret ;
458
460
}
459
461
460
- int hyper_watch_exec_pty (struct hyper_exec * exec , struct hyper_pod * pod )
462
+ static int hyper_watch_exec_pty (struct hyper_exec * exec , struct hyper_pod * pod )
461
463
{
462
464
fprintf (stdout , "hyper_init_event container pts event %p, ops %p, fd %d\n" ,
463
465
& exec -> stdinev , & in_ops , exec -> stdinev .fd );
@@ -488,107 +490,34 @@ int hyper_watch_exec_pty(struct hyper_exec *exec, struct hyper_pod *pod)
488
490
return 0 ;
489
491
}
490
492
491
- static int hyper_enter_container (struct hyper_pod * pod ,
492
- struct hyper_exec * exec )
493
+ static int hyper_do_exec_cmd (struct hyper_exec * exec , struct hyper_pod * pod , int pipe )
493
494
{
494
- int ipcns , utsns , mntns , ret ;
495
495
struct hyper_container * c ;
496
- char path [512 ];
497
496
498
- ret = ipcns = utsns = mntns = -1 ;
497
+ if (hyper_enter_sandbox (pod , pipe ) < 0 ) {
498
+ perror ("enter pidns of pod init failed" );
499
+ hyper_send_type (pipe , -1 );
500
+ goto out ;
501
+ }
499
502
500
503
c = hyper_find_container (pod , exec -> id );
501
504
if (c == NULL ) {
502
505
fprintf (stderr , "can not find container %s\n" , exec -> id );
503
- return -1 ;
504
- }
505
-
506
- sprintf (path , "/proc/%d/ns/uts" , pod -> init_pid );
507
- utsns = open (path , O_RDONLY | O_CLOEXEC );
508
- if (utsns < 0 ) {
509
- perror ("fail to open utsns of pod init" );
510
- goto out ;
511
- }
512
-
513
- sprintf (path , "/proc/%d/ns/ipc" , pod -> init_pid );
514
- ipcns = open (path , O_RDONLY | O_CLOEXEC );
515
- if (ipcns < 0 ) {
516
- perror ("fail to open ipcns of pod init" );
517
- goto out ;
518
- }
519
-
520
- mntns = c -> ns ;
521
- if (mntns < 0 ) {
522
- perror ("fail to open mntns of pod init" );
523
506
goto out ;
524
507
}
525
508
526
- if (setns (utsns , CLONE_NEWUTS ) < 0 ||
527
- setns (ipcns , CLONE_NEWIPC ) < 0 ||
528
- setns (mntns , CLONE_NEWNS ) < 0 ) {
509
+ if (setns (c -> ns , CLONE_NEWNS ) < 0 ) {
529
510
perror ("fail to enter container ns" );
530
511
goto out ;
531
512
}
513
+ chdir ("/" );
532
514
533
515
/* TODO: merge container env to exec env in hyperd */
534
516
if (hyper_setup_env (c -> exec .envs , c -> exec .envs_num ) < 0 ) {
535
517
fprintf (stderr , "setup container envs for exec failed\n" );
536
518
goto out ;
537
519
}
538
520
539
- /* TODO: wait for container finishing setup root */
540
- chdir ("/" );
541
-
542
- /* already in pidns & mntns of container, mount proc filesystem */
543
- if (exec -> init && mount ("proc" , "/proc" , "proc" , MS_NOSUID | MS_NODEV | MS_NOEXEC , NULL ) < 0 ) {
544
- perror ("fail to mount proc filesystem for container" );
545
- goto out ;
546
- }
547
-
548
- ret = 0 ;
549
- out :
550
- close (ipcns );
551
- close (utsns );
552
-
553
- return ret ;
554
- }
555
-
556
- static int hyper_do_exec_cmd (struct hyper_exec * exec , struct hyper_pod * pod , int pipe )
557
- {
558
- int pid = -1 , ret = -1 ;
559
- char path [512 ];
560
- int pidns ;
561
-
562
- sprintf (path , "/proc/%d/ns/pid" , pod -> init_pid );
563
- pidns = open (path , O_RDONLY | O_CLOEXEC );
564
- if (pidns < 0 ) {
565
- perror ("fail to open pidns of pod init" );
566
- goto out ;
567
- }
568
-
569
- /* enter pidns of pod init, so the children of this process will run in
570
- * pidns of pod init, see man 2 setns */
571
- if (setns (pidns , CLONE_NEWPID ) < 0 ) {
572
- perror ("enter pidns of pod init failed" );
573
- goto out ;
574
- }
575
- close (pidns );
576
-
577
- pid = fork ();
578
- if (pid < 0 ) {
579
- perror ("fail to fork" );
580
- goto out ;
581
- } else if (pid > 0 ) {
582
- fprintf (stdout , "create exec cmd %s pid %d,ref %d\n" , exec -> argv [0 ], pid , exec -> ref );
583
- ret = 0 ;
584
- goto out ;
585
- }
586
-
587
- if (hyper_enter_container (pod , exec ) < 0 ) {
588
- fprintf (stderr , "enter container ns failed\n" );
589
- goto exit ;
590
- }
591
-
592
521
// set early env. the container env config can overwrite it
593
522
setenv ("HOME" , "/root" , 1 );
594
523
setenv ("HOSTNAME" , pod -> hostname , 1 );
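Review bot: The new `chdir("/")` right after `setns(c->ns, CLONE_NEWNS)` has its return value dropped, so a failure there silently continues into hyper_setup_env and the exec with whatever cwd the process happened to have; since the mount-namespace switch just above is the containment boundary, I would make it `if (chdir("/") < 0) { perror("fail to chdir to container root"); goto out; }` so a bad cwd aborts with the same 125 exit as the other failures. Relatedly, only the hyper_enter_sandbox failure path reports `-1` back over `pipe` via hyper_send_type; the container-lookup, setns and env failures below it exit without writing anything, which is correct only if hyper_enter_sandbox has already handed the child pid to the parent on success, so a one-line comment at that first `goto out` stating the contract would help, given the old `out:` label used to send the pid. The UTS/IPC setns calls and the `MS_NOSUID | MS_NODEV | MS_NOEXEC` /proc mount removed here are presumably now performed by hyper_enter_sandbox and container setup respectively; if the proc mount did not move, the exec'd process loses those hardening flags. hyper_do_exec_cmd's body continues past the end of this hunk.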
@@ -599,15 +528,12 @@ static int hyper_do_exec_cmd(struct hyper_exec *exec, struct hyper_pod *pod, int
599
528
600
529
hyper_exec_process (exec );
601
530
602
- exit :
603
- _exit (125 );
604
531
out :
605
- hyper_send_type (pipe , pid );
606
- _exit (ret );
532
+ _exit (125 );
607
533
}
608
534
609
535
// do the exec, no return
610
- void hyper_exec_process (struct hyper_exec * exec )
536
+ static void hyper_exec_process (struct hyper_exec * exec )
611
537
{
612
538
if (sigprocmask (SIG_SETMASK , & orig_mask , NULL ) < 0 ) {
613
539
perror ("sigprocmask restore mask failed" );
@@ -624,7 +550,7 @@ void hyper_exec_process(struct hyper_exec *exec)
624
550
goto exit ;
625
551
}
626
552
627
- // set the container env
553
+ // set the process env
628
554
if (hyper_setup_env (exec -> envs , exec -> envs_num ) < 0 ) {
629
555
fprintf (stderr , "setup env failed\n" );
630
556
goto exit ;
@@ -773,8 +699,8 @@ static int hyper_send_pod_finished(struct hyper_pod *pod)
773
699
return ret ;
774
700
}
775
701
776
- int hyper_release_exec (struct hyper_exec * exec ,
777
- struct hyper_pod * pod )
702
+ static int hyper_release_exec (struct hyper_exec * exec ,
703
+ struct hyper_pod * pod )
778
704
{
779
705
if (-- exec -> ref != 0 ) {
780
706
fprintf (stdout , "still have %d user of exec\n" , exec -> ref );