#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
#include "config.h"
#include "pathconfig.h"
#include "planetlab.h"
#include "vserver-internal.h"
-/* I don't like needing to define __KERNEL__ -- mef */
-#define __KERNEL__
-#include "kernel/limit.h"
-#undef __KERNEL__
-
#define NONE ({ Py_INCREF(Py_None); Py_None; })
/*
{
int ctx_is_new;
xid_t ctx;
- uint_least64_t bcaps = ~vc_get_insecurebcaps();
+ uint_least64_t bcaps = 0;
- if (!PyArg_ParseTuple(args, "I", &ctx))
+ if (!PyArg_ParseTuple(args, "I|K", &ctx, &bcaps))
return NULL;
+ bcaps |= ~vc_get_insecurebcaps();
if ((ctx_is_new = pl_chcontext(ctx, bcaps, 0)) < 0)
return PyErr_SetFromErrno(PyExc_OSError);
lresource = resource;
switch (resource) {
- case VLIMIT_NSOCK:
- case VLIMIT_ANON:
- case VLIMIT_SHMEM:
+ case VC_VLIMIT_NSOCK:
+ case VC_VLIMIT_ANON:
+ case VC_VLIMIT_SHMEM:
goto do_vc_set_rlimit;
- case VLIMIT_OPENFD:
+ case VC_VLIMIT_OPENFD:
lresource = RLIMIT_NOFILE;
break;
default:
PyObject *res;
char* path;
unsigned xid;
- struct vcmd_ctx_dlimit_v0 data;
+ struct vc_ctx_dlimit data;
int r;
if (!PyArg_ParseTuple(args, "si", &path,&xid))
return NULL;
memset(&data, 0, sizeof(data));
- data.name = path;
- data.flags = 0;
- r = vserver(VCMD_get_dlimit, xid, &data);
+ r = vc_get_dlimit(path, xid, 0, &data);
if (r>=0) {
res = Py_BuildValue("(i,i,i,i,i)",
data.space_used,
{
char* path;
unsigned xid;
- struct vcmd_ctx_dlimit_base_v0 init;
- struct vcmd_ctx_dlimit_v0 data;
+ struct vc_ctx_dlimit data;
memset(&data,0,sizeof(data));
if (!PyArg_ParseTuple(args, "siiiiii", &path,
&data.reserved))
return NULL;
- data.name = path;
- data.flags = 0;
-
- memset(&init, 0, sizeof(init));
- init.name = path;
- init.flags = 0;
-
- if ((vserver(VCMD_add_dlimit, xid, &init) && errno != EEXIST) ||
- vserver(VCMD_set_dlimit, xid, &data))
+ if ((vc_add_dlimit(path, xid, 0) && errno != EEXIST) ||
+ vc_set_dlimit(path, xid, 0, &data))
return PyErr_SetFromErrno(PyExc_OSError);
return NONE;
{
char *path;
unsigned xid;
- struct vcmd_ctx_dlimit_base_v0 init;
if (!PyArg_ParseTuple(args, "si", &path, &xid))
return NULL;
- memset(&init, 0, sizeof(init));
- init.name = path;
- init.flags = 0;
-
- if (vserver(VCMD_rem_dlimit, xid, &init) && errno != ESRCH)
+ if (vc_rem_dlimit(path, xid, 0) && errno != ESRCH)
return PyErr_SetFromErrno(PyExc_OSError);
return NONE;
static PyObject *
vserver_killall(PyObject *self, PyObject *args)
{
- xid_t ctx;
- int sig;
+ xid_t ctx;
+ int sig;
+ struct vc_ctx_flags cflags = {
+ .flagword = 0,
+ .mask = VC_VXF_PERSISTENT
+ };
+ struct vc_net_flags nflags = {
+ .flagword = 0,
+ .mask = VC_NXF_PERSISTENT
+ };
if (!PyArg_ParseTuple(args, "Ii", &ctx, &sig))
return NULL;
if (vc_ctx_kill(ctx, 0, sig) && errno != ESRCH)
return PyErr_SetFromErrno(PyExc_OSError);
+ if (vc_set_cflags(ctx, &cflags) && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
+ if (vc_set_nflags(ctx, &nflags) && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
+ return NONE;
+}
+
+static PyObject *
+vserver_set_bcaps(PyObject *self, PyObject *args)
+{
+ xid_t ctx;
+ struct vc_ctx_caps caps;
+
+ if (!PyArg_ParseTuple(args, "IK", &ctx, &caps.bcaps))
+ return NULL;
+
+ caps.bmask = vc_get_insecurebcaps();
+ caps.cmask = caps.ccaps = 0;
+ if (vc_set_ccaps(ctx, &caps) == -1 && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
+ return NONE;
+}
+
+static PyObject *
+vserver_text2bcaps(PyObject *self, PyObject *args)
+{
+ struct vc_ctx_caps caps = { .bcaps = 0 };
+ const char *list;
+ int len;
+ struct vc_err_listparser err;
+
+ if (!PyArg_ParseTuple(args, "s#", &list, &len))
+ return NULL;
+
+ vc_list2bcap(list, len, &err, &caps);
+
+ return Py_BuildValue("K", caps.bcaps);
+}
+
+static PyObject *
+vserver_get_bcaps(PyObject *self, PyObject *args)
+{
+ xid_t ctx;
+ struct vc_ctx_caps caps;
+
+ if (!PyArg_ParseTuple(args, "I", &ctx))
+ return NULL;
+
+ if (vc_get_ccaps(ctx, &caps) == -1) {
+ if (errno != -ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+ else
+ caps.bcaps = 0;
+ }
+
+ return Py_BuildValue("K", caps.bcaps & vc_get_insecurebcaps());
+}
+
+static PyObject *
+vserver_bcaps2text(PyObject *self, PyObject *args)
+{
+ struct vc_ctx_caps caps = { .bcaps = 0 };
+ PyObject *list;
+ const char *cap;
+
+ if (!PyArg_ParseTuple(args, "K", &caps.bcaps))
+ return NULL;
+
+ list = PyString_FromString("");
+
+ while ((cap = vc_lobcap2text(&caps.bcaps)) != NULL) {
+ if (list == NULL)
+ break;
+ PyString_ConcatAndDel(&list, PyString_FromFormat(
+ (PyString_Size(list) > 0 ? ",CAP_%s" : "CAP_%s" ),
+ cap));
+ }
+
+ return list;
+}
+
+static inline int
+convertAddress(const char *str, vc_net_nx_type *type, void *dst)
+{
+ int ret;
+ if (type) *type = vcNET_IPV4;
+ ret = inet_pton(AF_INET, str, dst);
+ if (ret==0) {
+ if (type) *type = vcNET_IPV6;
+ ret = inet_pton(AF_INET6, str, dst);
+ }
+ return ret > 0 ? 0 : -1;
+}
+
+/* XXX These two functions are really similar */
+static PyObject *
+vserver_net_add(PyObject *self, PyObject *args)
+{
+ struct vc_net_nx addr;
+ nid_t nid;
+ const char *ip;
+
+ if (!PyArg_ParseTuple(args, "Is", &nid, &ip))
+ return NULL;
+
+ if (convertAddress(ip, &addr.type, &addr.ip) == -1)
+ return PyErr_Format(PyExc_ValueError, "%s is not a valid IP address", ip);
+
+ switch (addr.type) {
+ case vcNET_IPV4: addr.mask[0] = htonl(0xffffff00); break;
+ case vcNET_IPV6: addr.mask[0] = 64; break;
+ default: addr.mask[0] = 0; break;
+ }
+ addr.count = 1;
+
+ if (vc_net_add(nid, &addr) == -1 && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
+ return NONE;
+}
+
+static PyObject *
+vserver_net_remove(PyObject *self, PyObject *args)
+{
+ struct vc_net_nx addr;
+ nid_t nid;
+ const char *ip;
+
+ if (!PyArg_ParseTuple(args, "Is", &nid, &ip))
+ return NULL;
+
+ if (strcmp(ip, "all") == 0)
+ addr.type = vcNET_ANY;
+ else if (strcmp(ip, "all4") == 0)
+ addr.type = vcNET_IPV4A;
+ else if (strcmp(ip, "all6") == 0)
+ addr.type = vcNET_IPV6A;
+ else
+ if (convertAddress(ip, &addr.type, &addr.ip) == -1)
+ return PyErr_Format(PyExc_ValueError, "%s is not a valid IP address", ip);
+
+ switch (addr.type) {
+ case vcNET_IPV4: addr.mask[0] = htonl(0xffffff00); break;
+ case vcNET_IPV6: addr.mask[0] = 64; break;
+ default: addr.mask[0] = 0; break;
+ }
+ addr.count = 1;
+
+ if (vc_net_remove(nid, &addr) == -1 && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
return NONE;
}
"Send signal to all processes in vserver context" },
{ "isrunning", vserver_isrunning, METH_VARARGS,
"Check if vserver is running"},
+ { "setbcaps", vserver_set_bcaps, METH_VARARGS,
+ "Set POSIX capabilities of a vserver context" },
+ { "getbcaps", vserver_get_bcaps, METH_VARARGS,
+ "Get POSIX capabilities of a vserver context" },
+ { "text2bcaps", vserver_text2bcaps, METH_VARARGS,
+ "Translate a string of capabilities to a bitmap" },
+ { "bcaps2text", vserver_bcaps2text, METH_VARARGS,
+ "Translate a capability-bitmap into a string" },
+ { "netadd", vserver_net_add, METH_VARARGS,
+ "Assign an IP address to a context" },
+ { "netremove", vserver_net_remove, METH_VARARGS,
+ "Remove IP address(es) from a context" },
{ NULL, NULL, 0, NULL }
};
PyModule_AddStringConstant(mod, "VSERVER_BASEDIR", DEFAULT_VSERVERDIR);
/* export limit-related constants */
- PyModule_AddIntConstant(mod, "DLIMIT_KEEP", (int)CDLIM_KEEP);
- PyModule_AddIntConstant(mod, "DLIMIT_INF", (int)CDLIM_INFINITY);
+ PyModule_AddIntConstant(mod, "DLIMIT_KEEP", (int)VC_CDLIM_KEEP);
+ PyModule_AddIntConstant(mod, "DLIMIT_INF", (int)VC_CDLIM_INFINITY);
PyModule_AddIntConstant(mod, "VC_LIM_KEEP", (int)VC_LIM_KEEP);
PyModule_AddIntConstant(mod, "RLIMIT_CPU", (int)RLIMIT_CPU);
PyModule_AddIntConstant(mod, "RLIMIT_SIGPENDING", (int)RLIMIT_SIGPENDING);
PyModule_AddIntConstant(mod, "RLIMIT_MSGQUEUE", (int)RLIMIT_MSGQUEUE);
- PyModule_AddIntConstant(mod, "VLIMIT_NSOCK", (int)VLIMIT_NSOCK);
- PyModule_AddIntConstant(mod, "VLIMIT_OPENFD", (int)VLIMIT_OPENFD);
- PyModule_AddIntConstant(mod, "VLIMIT_ANON", (int)VLIMIT_ANON);
- PyModule_AddIntConstant(mod, "VLIMIT_SHMEM", (int)VLIMIT_SHMEM);
+ PyModule_AddIntConstant(mod, "VLIMIT_NSOCK", (int)VC_VLIMIT_NSOCK);
+ PyModule_AddIntConstant(mod, "VLIMIT_OPENFD", (int)VC_VLIMIT_OPENFD);
+ PyModule_AddIntConstant(mod, "VLIMIT_ANON", (int)VC_VLIMIT_ANON);
+ PyModule_AddIntConstant(mod, "VLIMIT_SHMEM", (int)VC_VLIMIT_SHMEM);
/* scheduler flags */
PyModule_AddIntConstant(mod,