diff --git a/src/swmod_lxc.c b/src/swmod_lxc.c index 50d183a37305a47fbba4c72b2a22231f490c2884..5d63eac116897792f3825f24f318b1a7c1fc4487 100644 --- a/src/swmod_lxc.c +++ b/src/swmod_lxc.c @@ -72,6 +72,7 @@ static int lxc_attach_func(struct lxc_container *ct, lxc_attach_exec_t exec_func { pid_t pid; int ret, pipefd[2]; + struct lxc_log log; lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT; ret = pipe(pipefd); @@ -80,12 +81,28 @@ static int lxc_attach_func(struct lxc_container *ct, lxc_attach_exec_t exec_func return ret; } + log.name = "test"; + log.file = NULL; + log.level = "DEBUG"; + log.prefix = "LXC"; + log.lxcpath = NULL; + attach_options.stdout_fd = pipefd[1]; + if (lxc_log_init(&log)) { + PRINT_DEBUG("Failed to init log file"); + goto err; + } ret = ct->attach(ct, exec_function, command, &attach_options, &pid); - if (ret < 0) + if (ret < 0) { + PRINT_DEBUG("Failed to attach"); goto err; + } + PRINT_DEBUG("## Closing write end"); + close(pipefd[1]); + lxc_attach_result[0] = '\0'; + PRINT_DEBUG("reading output %ld, ret[%d]", pid, ret); ret = read(pipefd[0], lxc_attach_result, sizeof(lxc_attach_result)-1); if (ret < 0) { PRINT_INFO("Failed to read from pipe"); @@ -93,6 +110,7 @@ static int lxc_attach_func(struct lxc_container *ct, lxc_attach_exec_t exec_func goto wait; } + PRINT_DEBUG("reading output done"); lxc_attach_result[ret] = '\0'; ret = 0; wait: @@ -102,12 +120,13 @@ wait: err: close(pipefd[0]); - close(pipefd[1]); + lxc_log_close(); return ret; } /************************** Execution Environments **************************/ +/* static int lxc_attach_run_env_func(void *args) { struct utsname utsname; 
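Review bot: The two `goto err` paths added in the second hunk (after a failed `lxc_log_init` and after a failed `ct->attach`) leak the pipe's write end, because the later hunk at `err:` removes `close(pipefd[1])` and the only remaining close sits on the success path. Either close it before each jump or mark it consumed, e.g. `close(pipefd[1]); pipefd[1] = -1;` after the attach and `if (pipefd[1] >= 0) close(pipefd[1]);` under `err:`. `lxc_log_close()` is also reached when `lxc_log_init` itself failed, and `pid` is a `pid_t` printed with `%ld`, which needs a `(long)pid` cast to match the format. The log name `"test"` and the hard-coded `"DEBUG"` level look like debugging leftovers rather than intended configuration. lxc_attach_func starts and ends outside this hunk.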
@@ -127,15 +146,15 @@ static int lxc_attach_run_env_func(void *args) avail_mem = (sinfo.freeram / 1024); } - /* lxc_attach_result buffer format */ - /* type=<ENV_TYPE> vendor=<ENV_VENDOR> version=<ENV_VERSION> - * alloc_mem=<ENV_ALLOCATED_MEMORY> avail_mem=<ENV_AVAILABLE_MEMORY> */ - PRINT_DEBUG("type=%s vendor=%s version=%s alloc_mem=%lu avail_mem=%lu", + // lxc_attach_result buffer format + // type=<ENV_TYPE> vendor=<ENV_VENDOR> version=<ENV_VERSION> + // alloc_mem=<ENV_ALLOCATED_MEMORY> avail_mem=<ENV_AVAILABLE_MEMORY> + printf("type=%s vendor=%s version=%s alloc_mem=%lu avail_mem=%lu", type, vendor, version, alloc_mem, avail_mem); return 0; } - +*/ void populate_lxc_environment(void) { const char *lxcpath = NULL; @@ -150,6 +169,9 @@ void populate_lxc_environment(void) for (i = 0; i < lxc_nbr; i++) { struct lxc_container *ct = clist[i]; + struct lxc_log log; + lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT; + lxc_attach_command_t cmd = (lxc_attach_command_t) {.program = NULL}; environments[i+1].exists = true; swmod_strncpy(environments[i+1].name, ct->name, 32); 
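Review bot: `lxc_attach_run_env_func` is disabled by a block comment that opens in the previous hunk and closes here, and its inner comments were rewritten to `//` only so that the wrapper nests. Code parked this way stops being compiled and drifts silently; if the function is going away, delete it, and if this is a temporary switch, use a preprocessor guard with a reason, such as `#if 0 /* disabled while debugging attach, see ISSUE-ID placeholder */` and a matching `#endif`. The change from `PRINT_DEBUG` to `printf` inside the disabled body has no effect as committed. The function starts outside this hunk.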
@@ -157,17 +179,40 @@ void populate_lxc_environment(void) swmod_strncpy(environments[i+1].type, "Linux Container", 16); if (!ct->is_running(ct)) { - PRINT_INFO("lxc container not running"); + PRINT_INFO("lxc container [%s] not running", ct->name); lxc_container_put(ct); continue; } - PRINT_DEBUG("Reading environment details for [%s] container", ct->name); + log.name = "test"; + log.file = "/tmp/swmodd_debug.log"; + log.level = "DEBUG"; + log.prefix = "LXC"; + log.lxcpath = lxcpath; + + if (lxc_log_init(&log)) { + PRINT_DEBUG("Failed to init log file"); + } + + attach_options.log_fd = open("/tmp/swmodd_out.log", O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600); + attach_options.stdout_fd = STDOUT_FILENO; + attach_options.attach_flags |= LXC_ATTACH_TERMINAL; + attach_options.env_policy = LXC_ATTACH_KEEP_ENV; + attach_options.personality = -1; + cmd.program = "date"; + //char *argv[] = {"-a"}; + PRINT_DEBUG("# Reading date environment details for [%s] container fd(%d)", ct->name, attach_options.log_fd); + lxc_container_get(ct); + int ret = ct->attach_run_wait(ct, &attach_options, cmd.program, NULL); + //ret = ct->attach_run_wait(ct, &attach_options, "uname", NULL); + //ret = ct->attach_run_wait(ct, &attach_options, cmd.program, NULL); + + /* int ret = lxc_attach_func(ct, lxc_attach_run_env_func, NULL); if (ret >= 0) { - /* lxc_attach_result buffer format */ - /* type=<ENV_TYPE> vendor=<ENV_VENDOR> version=<ENV_VERSION> - * alloc_mem=<ENV_ALLOCATED_MEMORY> avail_mem=<ENV_AVAILABLE_MEMORY> */ + // lxc_attach_result buffer format + // type=<ENV_TYPE> vendor=<ENV_VENDOR> version=<ENV_VERSION> + // alloc_mem=<ENV_ALLOCATED_MEMORY> avail_mem=<ENV_AVAILABLE_MEMORY> sscanf(lxc_attach_result, "type=%64s vendor=%128s version=%16s alloc_mem=%lu avail_mem=%lu", environments[i+1].type, 
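Review bot: The new `open("/tmp/swmodd_out.log", ... O_CREAT | O_APPEND, 0600)` and the `log.file = "/tmp/swmodd_debug.log"` handed to `lxc_log_init` use fixed names in a world-writable directory, so a symlink or file placed there beforehand by another local user decides where this process appends; that matters if the daemon runs with elevated privileges, which container management suggests but this hunk does not show. The descriptor is also used without checking for failure. Prefer a directory only the daemon can write, add `O_NOFOLLOW` to the flags, and test the result with `if (attach_options.log_fd < 0) { PRINT_INFO("Failed to open attach log"); continue; }` (releasing `ct` first) before the attach call. `LXC_ATTACH_KEEP_ENV` additionally passes the daemon's whole environment to the process started in the container; `LXC_ATTACH_CLEAR_ENV` is the tighter choice unless a variable is needed there. populate_lxc_environment continues outside this hunk.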
@@ -179,8 +224,11 @@ void populate_lxc_environment(void) environments[i+1].allocated_disk_space = 0; // TODO environments[i+1].available_disk_space = 0; // TODO } + */ + PRINT_DEBUG("## Reading environment details for [%s] container ret[%d] done ##", ct->name, WEXITSTATUS(ret)); lxc_container_put(ct); + close(attach_options.log_fd); } if (lxc_nbr > 0) @@ -197,17 +245,10 @@ static int lxc_attach_run_deployment_unit_func(void *args) return -1; } - char lxc_map_du_path[128] = {0}; - - snprintf(lxc_map_du_path, sizeof(lxc_map_du_path), "%s/%s/rootfs%s", - data->lxcpath, - data->value, - OPKG_INFO_PATH); - - - time_t tm = get_file_mtime(lxc_map_du_path); + time_t tm = get_file_mtime(OPKG_INFO_PATH); unsigned int um = 0; + sscanf(lxc_hash, "%u", &um); if (tm == um) { PRINT_INFO("Invalid lxc hash"); @@ -275,8 +316,6 @@ static int lxc_attach_run_deployment_unit_func(void *args) snprintf(lxc_hash, sizeof(lxc_hash), "%u", (unsigned int)tm); - PRINT_DEBUG("populate deployment unit: done"); - return 0; } @@ -457,6 +496,7 @@ void populate_lxc_deployment_execution_units(int action) lxc_attach_func(ct, lxc_attach_run_execution_unit_func, &command); lxc_container_put(ct); + PRINT_DEBUG("Reading DU,EU[%d] done", action); } end: diff --git a/src/tools.c b/src/tools.c index 0d1ab451f2b0a36175412c904f401676c85ad391..45326b0902a29c89a33d3060490e7a1bc5e4e100 100644 --- a/src/tools.c +++ b/src/tools.c @@ -43,7 +43,7 @@ #endif #define PROC_PATH "/proc" -#define DEFAULT_LOG_LEVEL (LOG_ERR) +#define DEFAULT_LOG_LEVEL (LOG_DEBUG) static unsigned char gLogLevel = DEFAULT_LOG_LEVEL; @@ -117,8 +117,10 @@ time_t get_file_mtime(const char *path) { struct stat statbuf; - if (stat(path, &statbuf) == -1) + if (stat(path, &statbuf) == -1) { + PRINT_DEBUG("Failed to get stat for [%s]", path); return 0; + } return statbuf.st_mtime; } diff --git a/templates/lxc-iopsys b/templates/lxc-iopsys index 372bc03d25aaec8f49783c6e02837b3379f61937..2343da9c5e06fa387055570b1e02192c41f4185b 100755 
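Review bot: `WEXITSTATUS(ret)` is applied to the `attach_run_wait` result without first checking `ret < 0` or `WIFEXITED(ret)`, so a failed attach is logged as if it were a real exit code. Guard it, e.g. `if (ret >= 0 && WIFEXITED(ret))` around the `PRINT_DEBUG`, and skip `close(attach_options.log_fd)` when the earlier `open` returned -1. The `lxc_container_get(ct)` added in the previous hunk has no second `lxc_container_put` to match it, which would leave one extra reference per running container on every call if `clist` already owns one; worth confirming against how `clist` is filled, which is outside this hunk. With the parsing block commented out, the type, vendor, version and memory fields of `environments[i+1]` are no longer filled for running containers.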
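Review bot: `get_file_mtime(OPKG_INFO_PATH)` now only gives the container's value if this callback runs inside the container's mount namespace, whereas the removed code built a host-side path from `data->lxcpath` and `data->value`; nothing in the function states that assumption. A short comment above the call, e.g. `/* runs attached: OPKG_INFO_PATH resolves against the container rootfs */`, would keep a later caller from invoking it on the host and comparing against the host's package database instead. This is inferred from the function name and the removed lines, since the attach call site is outside the hunk.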
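Review bot: Changing `DEFAULT_LOG_LEVEL` to `LOG_DEBUG` in src/tools.c makes every build emit debug output by default, including the container names, paths and pids logged by the new `PRINT_DEBUG` calls in src/swmod_lxc.c and the path logged in `get_file_mtime`. Keep the compiled-in default at `LOG_ERR` and raise `gLogLevel` at runtime when diagnosing, or make the default overridable at build time with `#ifndef DEFAULT_LOG_LEVEL` / `#define DEFAULT_LOG_LEVEL (LOG_ERR)` / `#endif`.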
--- a/templates/lxc-iopsys +++ b/templates/lxc-iopsys @@ -264,16 +264,42 @@ copy_configuration() grep -q "^lxc.rootfs.path" "${path}/config" 2>/dev/null || echo "lxc.rootfs.path = ${rootfs}" >> "${path}/config" cat <<EOF >> "${path}/config" -lxc.signal.halt = SIGUSR1 -lxc.signal.reboot = SIGTERM lxc.uts.name = "${name}" -lxc.tty.max = 1 -lxc.pty.max = 1 -lxc.cap.drop = sys_module mac_admin mac_override sys_time +lxc.cap.drop = mac_admin +lxc.cap.drop = mac_override +lxc.cap.drop = sys_admin +lxc.cap.drop = sys_boot +lxc.cap.drop = sys_module +lxc.cap.drop = sys_nice +lxc.cap.drop = sys_pacct +lxc.cap.drop = sys_ptrace +lxc.cap.drop = sys_rawio +lxc.cap.drop = sys_resource +lxc.cap.drop = sys_time +lxc.cap.drop = sys_tty_config +lxc.cap.drop = syslog +lxc.cap.drop = wake_alarm + +lxc.cgroup.devices.deny = a +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 4:0 rwm +lxc.cgroup.devices.allow = c 4:1 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 136:* rwm +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 254:0 rwm +lxc.cgroup.devices.allow = c 10:200 rwm + +lxc.autodev = 1 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.entry = shm dev/shm tmpfs defaults,create=dir 0 0 lxc.mount.entry = mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0 + lxc.net.0.type = veth lxc.net.0.flags = up lxc.net.0.link = br-lan
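Review bot: The device whitelist is written with `lxc.cgroup.devices.*`, which is the cgroup v1 key; on a host using the unified hierarchy LXC expects `lxc.cgroup2.devices.*`, so the `deny = a` baseline may not be enforced there. If both layouts have to be supported, the template should emit the key set that matches the host. Every allowed node also carries `m` (mknod) although `lxc.autodev = 1` already populates /dev, so `rw` is probably enough for most entries, and a comment naming each major:minor pair (for example that `c 10:200` is the tun device) would let a reader judge the list. The hunk also drops `lxc.signal.halt`, `lxc.signal.reboot`, `lxc.tty.max` and `lxc.pty.max` with no explanation in the visible text, so it is worth confirming that the defaults suit the container's init.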