This gateway is responsible for exposing device nodes in an LXC container. More...

#include <devicenodegateway.h>

Inheritance diagram for softwarecontainer::DeviceNodeGateway:

Collaboration diagram for softwarecontainer::DeviceNodeGateway:

Public Types
enum	GatewayState : unsigned int { CREATED, CONFIGURED, ACTIVATED }

Public Member Functions
	DeviceNodeGateway (std::shared_ptr< ContainerAbstractInterface > container)

virtual bool	readConfigElement (const json_t *element) override
	Gateway specific parsing of config elements. More...

virtual bool	activateGateway () override
	Implements Gateway::activateGateway. More...

virtual bool	teardownGateway () override
	Implements Gateway::teardownGateway. More...

virtual std::string	id () const
	Returns the ID of the gateway. More...

virtual bool	setConfig (const json_t *config)
	Configure this gateway according to the supplied JSON configuration string. More...

virtual bool	activate ()
	Applies any configuration set by setConfig() More...

virtual bool	teardown ()
	Restore system to the state prior to launching of gateway. More...

virtual bool	isConfigured ()
	Is the gateway configured or not? More...

virtual bool	isActivated ()
	Is the gateway activated or not? More...

bool	bindMount (const std::string &src, const std::string &dst, const std::string &tmpContainerRoot, bool readOnly, bool writeBufferEnabled=false)
	bindMount Bind mount a src directory to another position dst. More...

bool	tmpfsMount (const std::string dst, const int maxSize)
	tmpfsMount Mount a tmpfs in the dst path and limit size of the tmpfs to maxSize More...

Static Public Attributes
static constexpr const char *	ID

Protected Member Functions
std::shared_ptr< ContainerAbstractInterface >	getContainer ()
	Get a handle to the associated container. More...

bool	setEnvironmentVariable (const std::string &variable, const std::string &value)
	Set an environment variable in the associated container. More...

bool	writeToFile (const std::string &path, const std::string &content)

void	markFileForDeletion (const std::string &path)

bool	overlayMount (const std::string &lower, const std::string &upper, const std::string &work, const std::string &dst)
	overlayMount Mount a directory with an overlay on top of it. More...

bool	syncOverlayMount (const std::string &lower, const std::string &upper)
	syncOverlayMount Copy the directory structure from upper layer to the lower layer More...

bool	createSharedMountPoint (const std::string &path)
	createSharedMountPoint Make the mount point shared, ie new mount points created in one bind mount will also be created in the other mount point. More...

bool	pathInList (const std::string path)
	checks whether given path is already added to clean up handlers or not More...

Protected Attributes
bool	m_activatedOnce

std::vector< std::unique_ptr< CleanUpHandler > >	m_cleanupHandlers
	m_cleanupHandlers A vector of cleanupHandlers added during the lifetime of the FileToolKitWithUndo that will be run from the destructor. More...

std::vector< std::unique_ptr< CreateDir > >	m_createDirList
	m_createDirList A vector of CreateDir classes. More...

Detailed Description

This gateway is responsible for exposing device nodes in an LXC container.

The basic operation looks as follows:

DeviceNodeGateway (DNG) is loaded with a JSON configuration detailing a list of devices to create, with device names (mandatory) and permission modes (optional)

Notes:

activate() will stop creating devices in the container upon first failure

Definition at line 41 of file devicenodegateway.h.

Member Function Documentation

bool softwarecontainer::DeviceNodeGateway::readConfigElement ( const json_t * element )

overridevirtual

Gateway specific parsing of config elements.

All gateways implement this method in order to provide gateway specific parsing of the configuration content.

Parameters

element A JSON configuration item.

Returns: false if an error was encountered while parsing, true otherwise.

Implements softwarecontainer::Gateway.

Definition at line 32 of file devicenodegateway.cpp.

References softwarecontainer::Device::parse().

 {
     Device dev;
 
     if (!dev.parse(element)) {
         log_error() << "Could not parse device node configuration";
         return false;
     }
 
     return m_logic.updateDeviceList(dev);
 }

Here is the call graph for this function:

bool softwarecontainer::DeviceNodeGateway::activateGateway ( )

overridevirtual

Implements Gateway::activateGateway.

This function will iterate over all devices and issue mknod and chmod commands, which are run in the container.

Returns: true upon success; all commands executed successfully; false otherwise

Implements softwarecontainer::Gateway.

Definition at line 44 of file devicenodegateway.cpp.

 {
     auto devlist = m_logic.getDevList();
     if (devlist.empty()) {
         log_info() << "Activate was called when no devices has been configured.";
         return false;
     }
 
     for (auto &dev : devlist) {
         if (!dev->activate(getContainer())) {
             return false;
         }
     }
     return true;
 }

bool softwarecontainer::DeviceNodeGateway::teardownGateway ( )

overridevirtual

Implements Gateway::teardownGateway.

Implements softwarecontainer::Gateway.

Definition at line 60 of file devicenodegateway.cpp.

 {
     return true;
 }

std::string softwarecontainer::Gateway::id ( ) const

virtualinherited

Returns the ID of the gateway.

Returns: Returns the ID of the gateway as a string

Definition at line 36 of file gateway.cpp.

Referenced by softwarecontainer::Gateway::activate(), softwarecontainer::DBusGatewayInstance::DBusGatewayInstance(), softwarecontainer::Gateway::setConfig(), and softwarecontainer::Gateway::teardown().

 {
     return m_id;
 }

Here is the caller graph for this function:

bool softwarecontainer::Gateway::setConfig ( const json_t * config )

virtualinherited

Configure this gateway according to the supplied JSON configuration string.

Parameters

config JSON string containing gateway-specific JSON configuration

Returns: true if config was successfully parsed, false otherwise

Exceptions

GatewayError If called on an already activated gateway.

Reimplemented in softwarecontainer::DBusGateway.

Definition at line 41 of file gateway.cpp.

References softwarecontainer::Gateway::id(), and softwarecontainer::Gateway::readConfigElement().

 {
     if (GatewayState::ACTIVATED == m_state && !m_isDynamic) {
         std::string message = "Can not configure a gateway that is already activated "
                               "if the gateway does not support dynamic behavior. "
                               "Gateway ID: " + id();
         log_error() << message;
         throw GatewayError(message);
     }
 
     if (!json_is_array(config)) {
         log_error() << "Root JSON element is not an array";
         return false;
     }
 
     if (json_array_size(config) == 0) {
         log_error() << "Root JSON array is empty";
         return false;
     }
 
     for(size_t i = 0; i < json_array_size(config); i++) {
         json_t *element = json_array_get(config, i);
         if (!json_is_object(element)) {
             log_error() << "json configuration is not an object";
             return false;
         }
 
         if (!readConfigElement(element)) {
             log_warning() << "Could not read config element";
             return false;
         }
     }
 
     m_state = GatewayState::CONFIGURED;
     return true;
 }

Here is the call graph for this function:

bool softwarecontainer::Gateway::activate ( )

virtualinherited

Applies any configuration set by setConfig()

Returns: true upon successful application of configuration, false otherwise

Exceptions

GatewayError If called on an already activated gateway, or if the gateway has not been previously configured, or if there is not container instance set.

Reimplemented in softwarecontainer::DBusGateway.

Definition at line 78 of file gateway.cpp.

References softwarecontainer::Gateway::id().

                        {
     if (GatewayState::ACTIVATED == m_state && !m_isDynamic) {
         std::string message =  "Can not activate a gateway that is already activated "
                                "if the gateway does not support dynamic behavior. "
                                "Gateway ID: " + id();
         log_error() << message;
         throw GatewayError(message);
     }
 
     if (GatewayState::CONFIGURED != m_state) {
         std::string message = "Activate was called on a gateway which is not in configured state. "
                               "Gateway ID: " + id();
         log_error() << message;
         throw GatewayError(message);
     }
 
     if (!activateGateway()) {
         log_error() << "Couldn't activate gateway: " << id();
         return false;
     }
 
     m_state = GatewayState::ACTIVATED;
     return true;
 }

Here is the call graph for this function:

bool softwarecontainer::Gateway::teardown ( )

virtualinherited

Restore system to the state prior to launching of gateway.

Any cleanup code (removal of files, virtual interfaces, etc) should be placed here.

Returns: true upon successful clean-up, false otherwise

Exceptions

GatewayError If called on a non activated gateway.

Reimplemented in softwarecontainer::DBusGateway.

Definition at line 103 of file gateway.cpp.

References softwarecontainer::Gateway::id().

Referenced by softwarecontainer::DBusGatewayInstance::DBusGatewayInstance().

                        {
     /* At this point, a gateway should either be in state ACTIVATED if it is non-dynamic, or
        if it is dynamic it should have been activated at least once before.
      */
     if (GatewayState::ACTIVATED != m_state && !m_activatedOnce) {
         std::string message = "Teardown called on non-activated gateway. Gateway ID:  " + id();
         log_error() << message;
         throw GatewayError(message);
     }
 
     if (!teardownGateway()) {
         log_error() << "Could not tear down gateway: " << id();
         return false;
     }
 
     // Return to a state of nothingness
     m_state = GatewayState::CREATED;
 
     /* Since we have been torn down, we should not be considered to have been
        activated any more. */
     m_activatedOnce = false;
 
     return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::Gateway::isConfigured ( )

virtualinherited

Is the gateway configured or not?

Reimplemented in softwarecontainer::DBusGateway.

Definition at line 134 of file gateway.cpp.

 {
     return m_state >= GatewayState::CONFIGURED;
 }

bool softwarecontainer::Gateway::isActivated ( )

virtualinherited

Is the gateway activated or not?

Dynamic gateways will return true if they have been activated at least once. Non-dynamic gateways will return true if they are in state ACTIVATED

Reimplemented in softwarecontainer::DBusGateway.

Definition at line 139 of file gateway.cpp.

Referenced by softwarecontainer::DBusGatewayInstance::DBusGatewayInstance().

 {
     // For dynamic gateways it's only relevant to know if it has been activated
     // at least once, the current state is not important
     if (m_isDynamic) {
         return m_activatedOnce;
     }
 
     // For non-dynamic gateways, the current state is the only relevant info
     return m_state >= GatewayState::ACTIVATED;
 }

Here is the caller graph for this function:

std::shared_ptr< ContainerAbstractInterface > softwarecontainer::Gateway::getContainer ( )

protectedinherited

Get a handle to the associated container.

Exceptions

GatewayError If called before setContainer() has been called.

Definition at line 128 of file gateway.cpp.

Referenced by softwarecontainer::NetworkGateway::activateGateway(), softwarecontainer::DBusGatewayInstance::activateGateway(), softwarecontainer::WaylandGateway::readConfigElement(), and softwarecontainer::NetworkGateway::teardownGateway().

 {
     std::shared_ptr<ContainerAbstractInterface> ptrCopy = m_container;
     return ptrCopy;
 }

Here is the caller graph for this function:

bool softwarecontainer::Gateway::setEnvironmentVariable	(	const std::string &	variable,
		const std::string &	value
	)

protectedinherited

Set an environment variable in the associated container.

bool softwarecontainer::FileToolkitWithUndo::bindMount	(	const std::string &	src,
		const std::string &	dst,
		const std::string &	tmpContainerRoot,
		bool	readOnly,
		bool	writeBufferEnabled = `false`
	)

inherited

bindMount Bind mount a src directory to another position dst.

Parameters

src	Path to mount from
dst	Path to mount to
readOnly	Make the bind mount destination read only
writeBufferEnabled	Enable write buffers on the bind mount.

Returns: true on success, false on failure

Definition at line 53 of file filetoolkitwithundo.cpp.

References softwarecontainer::existsInFileSystem(), softwarecontainer::isDirectory(), and softwarecontainer::FileToolkitWithUndo::m_createDirList.

Referenced by softwarecontainer::Container::bindMountInContainer().

 {
     unsigned long flags =  0;
     std::string fstype;
     int mountRes;
     std::unique_ptr<CreateDir> createDirInstance = std::unique_ptr<CreateDir>(new CreateDir());
 
     if (!existsInFileSystem(src)) {
         log_error() << src << " does not exist on the host, can not bindMount";
         return false;
     }
 
     if (!existsInFileSystem(dst)) {
         log_error() << dst << " does not exist on the host, can not bindMount";
         return false;
     }
 
     log_debug() << "Bind-mounting " << src << " in " << dst << ", flags: " << flags;
 
     if(writeBufferEnabled && isDirectory(src)) {
         std::string upperDir , workDir;
 
         // In case the tmpContainerRoot is set to nothing we need to create a
         // good bindmount directory.
         if (tmpContainerRoot == "") {
             upperDir = createDirInstance->createTempDirectoryFromTemplate("/tmp/sc-bindmount-upper-XXXXXX");
             workDir = createDirInstance->createTempDirectoryFromTemplate("/tmp/sc-bindmount-work-XXXXXX");
         } else {
             upperDir = createDirInstance->createTempDirectoryFromTemplate(tmpContainerRoot + "/bindmount-upper-XXXXXX");
             workDir = createDirInstance->createTempDirectoryFromTemplate(tmpContainerRoot + "/bindmount-work-XXXXXX");
         }
         fstype.assign("overlay");
 
         std::ostringstream os;
         os << "lowerdir=" << src << ",upperdir=" << upperDir << ",workdir=" << workDir;
 
         log_debug() << "writeBufferEnabled, config: " << os.str();
 
         mountRes = mount("overlay", dst.c_str(), fstype.c_str(), flags, os.str().c_str());
         log_debug() << "mountRes: " << mountRes;
     } else {
         const void *data = nullptr;
         flags = MS_BIND;
         mountRes = mount(src.c_str(), dst.c_str(), fstype.c_str(), flags, data);
     }
 
     if (mountRes == 0) {
         log_verbose() << "Bind-mounted folder " << src << " in " << dst;
     } else {
         log_error() << "Could not mount into container: src=" << src
                     << " , dst=" << dst << " err=" << strerror(errno);
         return false;
     }
 
     if (readOnly && !writeBufferEnabled) {
         const void *data = nullptr;
 
         flags = MS_REMOUNT | MS_RDONLY | MS_BIND;
 
         log_debug() << "Re-mounting read-only" << src << " in "
                     << dst << ", flags: " << flags;
         mountRes = mount(src.c_str(), dst.c_str(), fstype.c_str(), flags, data);
         if (mountRes != 0) {
             // Failure
             log_error() << "Could not re-mount " << src << " , read-only on "
                         << dst << " err=" << strerror(errno);
             return false;
         }
     }
     m_createDirList.push_back(std::move(createDirInstance));
     return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::FileToolkitWithUndo::tmpfsMount	(	const std::string	dst,
		const int	maxSize
	)

inherited

tmpfsMount Mount a tmpfs in the dst path and limit size of the tmpfs to maxSize

Parameters

dst	The destination to mount a tmpfs on
maxSize	The max size of the tmpfs being mounted

Returns

Definition at line 177 of file filetoolkitwithundo.cpp.

References softwarecontainer::isDirectoryEmpty(), softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers, and softwarecontainer::FileToolkitWithUndo::m_createDirList.

Referenced by softwarecontainer::SoftwareContainer::SoftwareContainer().

 {
     std::string fstype = "tmpfs";
     unsigned long flags = 0;
     std::unique_ptr<CreateDir> createDirInstance = std::unique_ptr<CreateDir>(new CreateDir());
 
     if (!createDirInstance->createDirectory(dst)) {
         log_error() << "Failed to create " << dst << " directory for tmpfs mount";
         return false;
     }
 
     std::string mountoptions = logging::StringBuilder() << "size=" << maxSize;
 
     bool directoryIsEmpty = isDirectoryEmpty(dst);
 
     int mountRes = mount("tmpfs", dst.c_str(), fstype.c_str(), flags, mountoptions.c_str());
 
     if (0 == mountRes) {
         log_verbose() << "tmpfs mounted in " << dst;
         m_cleanupHandlers.emplace_back(new MountCleanUpHandler(dst));
     } else {
         log_error() << "Could not mount tmpfs into directory: " << dst << " size=" << maxSize;
         return false;
     }
 
     m_createDirList.push_back(std::move(createDirInstance));
     return true;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

bool softwarecontainer::FileToolkitWithUndo::overlayMount	(	const std::string &	lower,
		const std::string &	upper,
		const std::string &	work,
		const std::string &	dst
	)

protectedinherited

overlayMount Mount a directory with an overlay on top of it.

An overlay protects the lower filesystem from writes by writing to the upper file system through the work directory.

Parameters

lower	The lower file system, this will be read only.
upper	The upper file system, this can be a tmpfs/ramfs of some kind. This is where final writes wind up
work	This is a work directory, preferably a tmpfs/ramfs of some kind. This is where writes wind up temporarily.
dst	Where the overlay filesystem will be mounted.

Returns: true on success, false on failure

Definition at line 130 of file filetoolkitwithundo.cpp.

References softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers, and softwarecontainer::FileToolkitWithUndo::m_createDirList.

Referenced by softwarecontainer::Container::create().

 {
     std::string fstype = "overlay";
     unsigned long flags = 0;
     std::unique_ptr<CreateDir> createDirInstance = std::unique_ptr<CreateDir>(new CreateDir());
 
     if (!createDirInstance->createDirectory(lower)
         || !createDirInstance->createDirectory(upper)
         || !createDirInstance->createDirectory(work)
         || !createDirInstance->createDirectory(dst))
     {
         log_error() << "Failed to create lower/upper/work directory for overlayMount. lowerdir=" <<
                        lower << ", upperdir=" << upper << ", workdir=" << work;
         return false;
     }
 
     std::string mountoptions = logging::StringBuilder() << "lowerdir=" << lower
                                                         << ",upperdir=" << upper
                                                         << ",workdir=" << work;
 
     int mountRes = mount("overlay", dst.c_str(), fstype.c_str(), flags, mountoptions.c_str());
 
     if (mountRes == 0) {
         log_verbose() << "overlayMounted folder " << lower << " in " << dst;
         m_cleanupHandlers.emplace_back(new MountCleanUpHandler(dst));
         m_cleanupHandlers.emplace_back(new OverlaySyncCleanupHandler(upper, lower));
     } else {
         log_error() << "Could not mount into container: upper=" << upper
                     << ",lower=" << lower
                     << ",work=" << work
                     << " at dst=" << dst << " err=" << strerror(errno);
         return false;
     }
 
     m_createDirList.push_back(std::move(createDirInstance));
     return true;
 }

Here is the caller graph for this function:

bool softwarecontainer::FileToolkitWithUndo::syncOverlayMount	(	const std::string &	lower,
		const std::string &	upper
	)

protectedinherited

syncOverlayMount Copy the directory structure from upper layer to the lower layer

Parameters

lower	The lower layer used in an overlay file system.
upper	The upper layer in an overlay file system.

Returns: true on success, false on failure

Definition at line 171 of file filetoolkitwithundo.cpp.

References softwarecontainer::RecursiveCopy::copy(), and softwarecontainer::RecursiveCopy::getInstance().

 {
     return RecursiveCopy::getInstance().copy(upper, lower);
 }

Here is the call graph for this function:

bool softwarecontainer::FileToolkitWithUndo::createSharedMountPoint ( const std::string & path )

protectedinherited

createSharedMountPoint Make the mount point shared, ie new mount points created in one bind mount will also be created in the other mount point.

Parameters

path	The mount path to make shared.

Returns: true on success, false on failure

Definition at line 206 of file filetoolkitwithundo.cpp.

References softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers.

Referenced by softwarecontainer::Container::initialize().

 {
     auto mountRes = mount(path.c_str(), path.c_str(), "", MS_BIND, nullptr);
     if (mountRes != 0) {
         log_error() << "Could not bind mount " << path << " to itself";
         return false;
     }
 
     mountRes = mount(path.c_str(), path.c_str(), "", MS_UNBINDABLE, nullptr);
     if (mountRes != 0) {
         log_error() << "Could not make " << path << " unbindable";
         return false;
     }
 
     mountRes = mount(path.c_str(), path.c_str(), "", MS_SHARED, nullptr);
     if (mountRes != 0) {
         log_error() << "Could not make " << path << " shared";
         return false;
     }
 
     m_cleanupHandlers.emplace_back(new MountCleanUpHandler(path));
     log_debug() << "Created shared mount point at " << path;
 
     return true;
 }

Here is the caller graph for this function:

bool softwarecontainer::FileToolkitWithUndo::pathInList ( const std::string path )

protectedinherited

checks whether given path is already added to clean up handlers or not

This function will be called only before adding new CleanUpHandler for FileCleanUpHandler and DirectoryCleanUpHandler. The reason behind this, only indicated CleanUpHandlers are related with file/directory removal operations.

Parameters

a	string path name to check

Returns: true if the path is already exist, false otherwise

Definition at line 232 of file filetoolkitwithundo.cpp.

References softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers.

Referenced by softwarecontainer::Container::bindMountInContainer().

 {
 
     for (auto &element : m_cleanupHandlers) {
         if (element->queryName() == path) {
             return true;
         }
     }
     return false;
 }

Here is the caller graph for this function:

Field Documentation

std::vector<std::unique_ptr<CleanUpHandler> > softwarecontainer::FileToolkitWithUndo::m_cleanupHandlers

protectedinherited

m_cleanupHandlers A vector of cleanupHandlers added during the lifetime of the FileToolKitWithUndo that will be run from the destructor.

Definition at line 121 of file filetoolkitwithundo.h.

Referenced by softwarecontainer::Container::bindMountInContainer(), softwarecontainer::FileToolkitWithUndo::createSharedMountPoint(), softwarecontainer::FileToolkitWithUndo::overlayMount(), softwarecontainer::FileToolkitWithUndo::pathInList(), and softwarecontainer::FileToolkitWithUndo::tmpfsMount().

std::vector<std::unique_ptr<CreateDir> > softwarecontainer::FileToolkitWithUndo::m_createDirList

protectedinherited

m_createDirList A vector of CreateDir classes.

This class handles directory cleaning operations when either interfered errors or when its destructor runs.

Definition at line 127 of file filetoolkitwithundo.h.

Referenced by softwarecontainer::FileToolkitWithUndo::bindMount(), softwarecontainer::Container::bindMountInContainer(), softwarecontainer::Container::initialize(), softwarecontainer::FileToolkitWithUndo::overlayMount(), softwarecontainer::SoftwareContainer::previouslyConfigured(), and softwarecontainer::FileToolkitWithUndo::tmpfsMount().

The documentation for this class was generated from the following files:

libsoftwarecontainer/src/gateway/devicenode/devicenodegateway.h
libsoftwarecontainer/src/gateway/devicenode/devicenodegateway.cpp

Public Types

Public Member Functions

Static Public Attributes

Protected Member Functions

Protected Attributes

Detailed Description

Member Function Documentation

Field Documentation