remote_daemon.c 48.1 KB
Newer Older
D
Daniel P. Berrange 已提交
1
/*
2
 * remote_daemon.c: daemon start of day, guest process & i/o management
D
Daniel P. Berrange 已提交
3
 *
4
 * Copyright (C) 2006-2018 Red Hat, Inc.
D
Daniel P. Berrange 已提交
5 6 7 8 9 10 11 12 13 14 15 16 17
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
18
 * License along with this library.  If not, see
O
Osier Yang 已提交
19
 * <http://www.gnu.org/licenses/>.
D
Daniel P. Berrange 已提交
20 21 22 23
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */

24
#include <config.h>
25

D
Daniel P. Berrange 已提交
26 27
#include <unistd.h>
#include <fcntl.h>
28 29
#include <sys/wait.h>
#include <sys/stat.h>
D
Daniel P. Berrange 已提交
30
#include <getopt.h>
31
#include <stdlib.h>
32
#include <grp.h>
33

34
#include "libvirt_internal.h"
35
#include "virerror.h"
E
Eric Blake 已提交
36
#include "virfile.h"
37
#include "virlog.h"
38
#include "virpidfile.h"
39
#include "virprocess.h"
40

41 42
#define VIR_FROM_THIS VIR_FROM_QEMU

43 44
#include "remote_daemon.h"
#include "remote_daemon_config.h"
45

46
#include "admin/admin_server_dispatch.h"
47
#include "viruuid.h"
48
#include "remote_driver.h"
49
#include "viralloc.h"
50
#include "virconf.h"
51
#include "virnetlink.h"
52
#include "virnetdaemon.h"
53
#include "remote_daemon_dispatch.h"
54
#include "virhook.h"
55
#include "viraudit.h"
56
#include "virstring.h"
57 58
#include "locking/lock_manager.h"
#include "viraccessmanager.h"
59
#include "virutil.h"
60
#include "virgettext.h"
61
#include "util/virnetdevopenvswitch.h"
D
Daniel P. Berrange 已提交
62

63
#include "driver.h"
64

65 66
#include "configmake.h"

67 68
#include "virdbus.h"

69 70
VIR_LOG_INIT("daemon.libvirtd");

71
#if WITH_SASL
72
virNetSASLContextPtr saslCtxt = NULL;
73
#endif
74
virNetServerProgramPtr remoteProgram = NULL;
75
virNetServerProgramPtr adminProgram = NULL;
76
virNetServerProgramPtr qemuProgram = NULL;
77
virNetServerProgramPtr lxcProgram = NULL;
78

79 80
volatile bool driversInitialized = false;

81 82 83 84 85 86 87 88 89
enum {
    VIR_DAEMON_ERR_NONE = 0,
    VIR_DAEMON_ERR_PIDFILE,
    VIR_DAEMON_ERR_RUNDIR,
    VIR_DAEMON_ERR_INIT,
    VIR_DAEMON_ERR_SIGNAL,
    VIR_DAEMON_ERR_PRIVS,
    VIR_DAEMON_ERR_NETWORK,
    VIR_DAEMON_ERR_CONFIG,
90
    VIR_DAEMON_ERR_HOOKS,
91
    VIR_DAEMON_ERR_AUDIT,
92 93 94 95 96 97 98 99 100 101 102 103 104

    VIR_DAEMON_ERR_LAST
};

VIR_ENUM_DECL(virDaemonErr)
VIR_ENUM_IMPL(virDaemonErr, VIR_DAEMON_ERR_LAST,
              "Initialization successful",
              "Unable to obtain pidfile",
              "Unable to create rundir",
              "Unable to initialize libvirt",
              "Unable to setup signal handlers",
              "Unable to drop privileges",
              "Unable to initialize network sockets",
105
              "Unable to load configuration file",
106 107
              "Unable to look for hook scripts",
              "Unable to initialize audit system")
108

109
static int daemonForkIntoBackground(const char *argv0)
110
{
111 112 113 114
    int statuspipe[2];
    if (pipe(statuspipe) < 0)
        return -1;

115
    pid_t pid = fork();
D
Daniel P. Berrange 已提交
116 117 118
    switch (pid) {
    case 0:
        {
E
Eric Blake 已提交
119
            /* intermediate child */
D
Daniel P. Berrange 已提交
120 121
            int stdinfd = -1;
            int stdoutfd = -1;
122
            int nextpid;
D
Daniel P. Berrange 已提交
123

124
            VIR_FORCE_CLOSE(statuspipe[0]);
125

126
            if ((stdinfd = open("/dev/null", O_RDONLY)) <= STDERR_FILENO)
D
Daniel P. Berrange 已提交
127
                goto cleanup;
128
            if ((stdoutfd = open("/dev/null", O_WRONLY)) <= STDERR_FILENO)
D
Daniel P. Berrange 已提交
129 130 131 132 133 134 135
                goto cleanup;
            if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDOUT_FILENO) != STDOUT_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
                goto cleanup;
136
            if (VIR_CLOSE(stdinfd) < 0)
D
Daniel P. Berrange 已提交
137
                goto cleanup;
138
            if (VIR_CLOSE(stdoutfd) < 0)
D
Daniel P. Berrange 已提交
139 140 141 142 143 144 145
                goto cleanup;

            if (setsid() < 0)
                goto cleanup;

            nextpid = fork();
            switch (nextpid) {
E
Eric Blake 已提交
146
            case 0: /* grandchild */
147
                return statuspipe[1];
E
Eric Blake 已提交
148 149 150 151
            case -1: /* error */
                goto cleanup;
            default: /* intermediate child succeeded */
                _exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
152 153 154
            }

        cleanup:
155 156
            VIR_FORCE_CLOSE(stdoutfd);
            VIR_FORCE_CLOSE(stdinfd);
E
Eric Blake 已提交
157 158
            VIR_FORCE_CLOSE(statuspipe[1]);
            _exit(EXIT_FAILURE);
D
Daniel P. Berrange 已提交
159 160 161

        }

E
Eric Blake 已提交
162 163
    case -1: /* error in parent */
        goto error;
D
Daniel P. Berrange 已提交
164 165 166

    default:
        {
E
Eric Blake 已提交
167
            /* parent */
168 169 170
            int ret;
            char status;

171
            VIR_FORCE_CLOSE(statuspipe[1]);
172 173

            /* We wait to make sure the first child forked successfully */
174
            if (virProcessWait(pid, NULL, false) < 0)
E
Eric Blake 已提交
175
                goto error;
176

E
Eric Blake 已提交
177 178 179
            /* If we get here, then the grandchild was spawned, so we
             * must exit.  Block until the second child initializes
             * successfully */
180 181 182 183 184
        again:
            ret = read(statuspipe[0], &status, 1);
            if (ret == -1 && errno == EINTR)
                goto again;

E
Eric Blake 已提交
185 186 187 188 189
            VIR_FORCE_CLOSE(statuspipe[0]);

            if (ret != 1) {
                char ebuf[1024];

190
                fprintf(stderr,
E
Eric Blake 已提交
191 192 193 194 195 196 197 198
                        _("%s: error: unable to determine if daemon is "
                          "running: %s\n"), argv0,
                        virStrerror(errno, ebuf, sizeof(ebuf)));
                exit(EXIT_FAILURE);
            } else if (status != 0) {
                fprintf(stderr,
                        _("%s: error: %s. Check /var/log/messages or run "
                          "without --daemon for more info.\n"), argv0,
199
                        virDaemonErrTypeToString(status));
E
Eric Blake 已提交
200
                exit(EXIT_FAILURE);
201
            }
E
Eric Blake 已提交
202
            _exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
203 204
        }
    }
E
Eric Blake 已提交
205

206
 error:
E
Eric Blake 已提交
207 208 209
    VIR_FORCE_CLOSE(statuspipe[0]);
    VIR_FORCE_CLOSE(statuspipe[1]);
    return -1;
D
Daniel P. Berrange 已提交
210 211
}

212

213 214 215 216
static int
daemonUnixSocketPaths(struct daemonConfig *config,
                      bool privileged,
                      char **sockfile,
217 218
                      char **rosockfile,
                      char **admsockfile)
J
John Levon 已提交
219
{
220 221 222
    int ret = -1;
    char *rundir = NULL;

223 224
    if (config->unix_sock_dir) {
        if (virAsprintf(sockfile, "%s/libvirt-sock", config->unix_sock_dir) < 0)
225
            goto cleanup;
226 227

        if (privileged) {
228 229 230
            if (virAsprintf(rosockfile, "%s/libvirt-sock-ro", config->unix_sock_dir) < 0 ||
                virAsprintf(admsockfile, "%s/libvirt-admin-sock", config->unix_sock_dir) < 0)
                goto cleanup;
231
        }
D
Daniel P. Berrange 已提交
232
    } else {
233
        if (privileged) {
234
            if (VIR_STRDUP(*sockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock") < 0 ||
235 236
                VIR_STRDUP(*rosockfile, LOCALSTATEDIR "/run/libvirt/libvirt-sock-ro") < 0 ||
                VIR_STRDUP(*admsockfile, LOCALSTATEDIR "/run/libvirt/libvirt-admin-sock") < 0)
237
                goto cleanup;
238
        } else {
239
            mode_t old_umask;
240

241
            if (!(rundir = virGetUserRuntimeDirectory()))
242
                goto cleanup;
243

244 245 246
            old_umask = umask(077);
            if (virFileMakePath(rundir) < 0) {
                umask(old_umask);
247
                goto cleanup;
248 249 250
            }
            umask(old_umask);

251
            if (virAsprintf(sockfile, "%s/libvirt-sock", rundir) < 0 ||
252 253
                virAsprintf(admsockfile, "%s/libvirt-admin-sock", rundir) < 0)
                goto cleanup;
254 255
        }
    }
256

257 258 259 260
    ret = 0;
 cleanup:
    VIR_FREE(rundir);
    return ret;
D
Daniel P. Berrange 已提交
261 262
}

263 264 265

static void daemonErrorHandler(void *opaque ATTRIBUTE_UNUSED,
                               virErrorPtr err ATTRIBUTE_UNUSED)
266 267 268 269 270
{
    /* Don't do anything, since logging infrastructure already
     * took care of reporting the error */
}

271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287
static int daemonErrorLogFilter(virErrorPtr err, int priority)
{
    /* These error codes don't really reflect real errors. They
     * are expected events that occur when an app tries to check
     * whether a particular guest already exists. This filters
     * them to a lower log level to prevent pollution of syslog
     */
    switch (err->code) {
    case VIR_ERR_NO_DOMAIN:
    case VIR_ERR_NO_NETWORK:
    case VIR_ERR_NO_STORAGE_POOL:
    case VIR_ERR_NO_STORAGE_VOL:
    case VIR_ERR_NO_NODE_DEVICE:
    case VIR_ERR_NO_INTERFACE:
    case VIR_ERR_NO_NWFILTER:
    case VIR_ERR_NO_SECRET:
    case VIR_ERR_NO_DOMAIN_SNAPSHOT:
288
    case VIR_ERR_OPERATION_INVALID:
289
    case VIR_ERR_NO_DOMAIN_METADATA:
290 291
    case VIR_ERR_NO_SERVER:
    case VIR_ERR_NO_CLIENT:
292 293 294 295 296 297
        return VIR_LOG_DEBUG;
    }

    return priority;
}

298

299
#define VIR_DAEMON_LOAD_MODULE(func, module) \
300
    virDriverLoadModule(module, #func)
301 302
static void daemonInitialize(void)
{
303 304
    /*
     * Note that the order is important: the first ones have a higher
305 306 307
     * priority when calling virStateInitialize. We must register the
     * network, storage and nodedev drivers before any stateful domain
     * driver, since their resources must be auto-started before any
308
     * domains can be auto-started.
309
     */
310 311
    /* We don't care if any of these fail, because the whole point
     * is to allow users to only install modules they want to use.
D
Dan Kenigsberg 已提交
312
     * If they try to open a connection for a module that
313 314
     * is not loaded they'll get a suitable error at that point
     */
315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355
#ifdef WITH_NETWORK
    VIR_DAEMON_LOAD_MODULE(networkRegister, "network");
#endif
#ifdef WITH_INTERFACE
    VIR_DAEMON_LOAD_MODULE(interfaceRegister, "interface");
#endif
#ifdef WITH_STORAGE
    VIR_DAEMON_LOAD_MODULE(storageRegister, "storage");
#endif
#ifdef WITH_NODE_DEVICES
    VIR_DAEMON_LOAD_MODULE(nodedevRegister, "nodedev");
#endif
#ifdef WITH_SECRETS
    VIR_DAEMON_LOAD_MODULE(secretRegister, "secret");
#endif
#ifdef WITH_NWFILTER
    VIR_DAEMON_LOAD_MODULE(nwfilterRegister, "nwfilter");
#endif
#ifdef WITH_XEN
    VIR_DAEMON_LOAD_MODULE(xenRegister, "xen");
#endif
#ifdef WITH_LIBXL
    VIR_DAEMON_LOAD_MODULE(libxlRegister, "libxl");
#endif
#ifdef WITH_QEMU
    VIR_DAEMON_LOAD_MODULE(qemuRegister, "qemu");
#endif
#ifdef WITH_LXC
    VIR_DAEMON_LOAD_MODULE(lxcRegister, "lxc");
#endif
#ifdef WITH_UML
    VIR_DAEMON_LOAD_MODULE(umlRegister, "uml");
#endif
#ifdef WITH_VBOX
    VIR_DAEMON_LOAD_MODULE(vboxRegister, "vbox");
#endif
#ifdef WITH_BHYVE
    VIR_DAEMON_LOAD_MODULE(bhyveRegister, "bhyve");
#endif
#ifdef WITH_VZ
    VIR_DAEMON_LOAD_MODULE(vzRegister, "vz");
356
#endif
357
}
358
#undef VIR_DAEMON_LOAD_MODULE
359 360


361 362
static int ATTRIBUTE_NONNULL(3)
daemonSetupNetworking(virNetServerPtr srv,
363
                      virNetServerPtr srvAdm,
364 365 366
                      struct daemonConfig *config,
                      const char *sock_path,
                      const char *sock_path_ro,
367
                      const char *sock_path_adm,
368 369
                      bool ipsock,
                      bool privileged)
370 371
{
    virNetServerServicePtr svc = NULL;
372
    virNetServerServicePtr svcAdm = NULL;
373 374
    virNetServerServicePtr svcRO = NULL;
    virNetServerServicePtr svcTCP = NULL;
375
#if WITH_GNUTLS
376
    virNetServerServicePtr svcTLS = NULL;
377
#endif
378 379 380
    gid_t unix_sock_gid = 0;
    int unix_sock_ro_mask = 0;
    int unix_sock_rw_mask = 0;
381
    int unix_sock_adm_mask = 0;
382
    int ret = -1;
383

384 385 386
    unsigned int cur_fd = STDERR_FILENO + 1;
    unsigned int nfds = virGetListenFDs();

387 388
    if (config->unix_sock_group) {
        if (virGetGroupID(config->unix_sock_group, &unix_sock_gid) < 0)
389
            return ret;
390
    }
391

392
    if (nfds > (sock_path_ro ? 2 : 1)) {
393
        VIR_ERROR(_("Too many (%u) FDs passed from caller"), nfds);
394
        return ret;
395 396
    }

397 398
    if (virStrToLong_i(config->unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_ro_perms);
399
        goto cleanup;
400
    }
401

402 403
    if (virStrToLong_i(config->unix_sock_admin_perms, NULL, 8, &unix_sock_adm_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_admin_perms);
404
        goto cleanup;
405 406
    }

407 408
    if (virStrToLong_i(config->unix_sock_rw_perms, NULL, 8, &unix_sock_rw_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_rw_perms);
409
        goto cleanup;
410
    }
411

412 413 414 415
    if (!(svc = virNetServerServiceNewFDOrUNIX(sock_path,
                                               unix_sock_rw_mask,
                                               unix_sock_gid,
                                               config->auth_unix_rw,
416
#if WITH_GNUTLS
417
                                               NULL,
418
#endif
419 420 421 422
                                               false,
                                               config->max_queued_clients,
                                               config->max_client_requests,
                                               nfds, &cur_fd)))
423
        goto cleanup;
424
    if (sock_path_ro) {
425 426 427 428
        if (!(svcRO = virNetServerServiceNewFDOrUNIX(sock_path_ro,
                                                     unix_sock_ro_mask,
                                                     unix_sock_gid,
                                                     config->auth_unix_ro,
429
#if WITH_GNUTLS
430
                                                     NULL,
431
#endif
432 433 434 435
                                                     true,
                                                     config->max_queued_clients,
                                                     config->max_client_requests,
                                                     nfds, &cur_fd)))
436
            goto cleanup;
437
    }
438

439 440 441 442
    if (virNetServerAddService(srv, svc,
                               config->mdns_adv && !ipsock ?
                               "_libvirt._tcp" :
                               NULL) < 0)
443
        goto cleanup;
444

445 446
    if (svcRO &&
        virNetServerAddService(srv, svcRO, NULL) < 0)
447
        goto cleanup;
448

449
    if (sock_path_adm) {
450 451 452 453 454 455 456 457
        VIR_DEBUG("Registering unix socket %s", sock_path_adm);
        if (!(svcAdm = virNetServerServiceNewUNIX(sock_path_adm,
                                                  unix_sock_adm_mask,
                                                  unix_sock_gid,
                                                  REMOTE_AUTH_NONE,
#if WITH_GNUTLS
                                                  NULL,
#endif
458
                                                  false,
459 460
                                                  config->admin_max_queued_clients,
                                                  config->admin_max_client_requests)))
461
            goto cleanup;
462

463
        if (virNetServerAddService(srvAdm, svcAdm, NULL) < 0)
464
            goto cleanup;
465
    }
466

467
    if (ipsock) {
468
        if (config->listen_tcp) {
469 470
            VIR_DEBUG("Registering TCP socket %s:%s",
                      config->listen_addr, config->tcp_port);
471 472
            if (!(svcTCP = virNetServerServiceNewTCP(config->listen_addr,
                                                     config->tcp_port,
473
                                                     AF_UNSPEC,
474
                                                     config->auth_tcp,
475
#if WITH_GNUTLS
476 477
                                                     NULL,
#endif
478
                                                     false,
M
Michal Privoznik 已提交
479
                                                     config->max_queued_clients,
480
                                                     config->max_client_requests)))
481
                goto cleanup;
482

483 484
            if (virNetServerAddService(srv, svcTCP,
                                       config->mdns_adv ? "_libvirt._tcp" : NULL) < 0)
485
                goto cleanup;
486 487
        }

488
#if WITH_GNUTLS
489 490
        if (config->listen_tls) {
            virNetTLSContextPtr ctxt = NULL;
491

492 493 494
            if (config->ca_file ||
                config->cert_file ||
                config->key_file) {
495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511
                if (!config->ca_file) {
                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                   _("No CA certificate path set to match server key/cert"));
                    goto cleanup;
                }
                if (!config->cert_file) {
                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                   _("No server certificate path set to match server key"));
                    goto cleanup;
                }
                if (!config->key_file) {
                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                   _("No server key path set to match server cert"));
                    goto cleanup;
                }
                VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
                          config->ca_file, config->cert_file, config->key_file);
512 513 514 515 516
                if (!(ctxt = virNetTLSContextNewServer(config->ca_file,
                                                       config->crl_file,
                                                       config->cert_file,
                                                       config->key_file,
                                                       (const char *const*)config->tls_allowed_dn_list,
517
                                                       config->tls_priority,
518
                                                       config->tls_no_sanity_certificate ? false : true,
519
                                                       config->tls_no_verify_certificate ? false : true)))
520
                    goto cleanup;
521 522 523 524
            } else {
                if (!(ctxt = virNetTLSContextNewServerPath(NULL,
                                                           !privileged,
                                                           (const char *const*)config->tls_allowed_dn_list,
525
                                                           config->tls_priority,
526
                                                           config->tls_no_sanity_certificate ? false : true,
527
                                                           config->tls_no_verify_certificate ? false : true)))
528
                    goto cleanup;
529 530
            }

531 532
            VIR_DEBUG("Registering TLS socket %s:%s",
                      config->listen_addr, config->tls_port);
533 534 535
            if (!(svcTLS =
                  virNetServerServiceNewTCP(config->listen_addr,
                                            config->tls_port,
536
                                            AF_UNSPEC,
537
                                            config->auth_tls,
538
                                            ctxt,
539
                                            false,
M
Michal Privoznik 已提交
540
                                            config->max_queued_clients,
541
                                            config->max_client_requests))) {
542
                virObjectUnref(ctxt);
543
                goto cleanup;
544
            }
545 546 547
            if (virNetServerAddService(srv, svcTLS,
                                       config->mdns_adv &&
                                       !config->listen_tcp ? "_libvirt._tcp" : NULL) < 0)
548
                goto cleanup;
549

550
            virObjectUnref(ctxt);
551
        }
552 553 554 555 556
#else
        (void)privileged;
        if (config->listen_tls) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                           _("This libvirtd build does not support TLS"));
557
            goto cleanup;
558 559
        }
#endif
560 561
    }

562
#if WITH_SASL
563
    if (config->auth_unix_rw == REMOTE_AUTH_SASL ||
564
        (sock_path_ro && config->auth_unix_ro == REMOTE_AUTH_SASL) ||
565
# if WITH_GNUTLS
566
        (ipsock && config->listen_tls && config->auth_tls == REMOTE_AUTH_SASL) ||
567
# endif
568
        (ipsock && config->listen_tcp && config->auth_tcp == REMOTE_AUTH_SASL)) {
569 570 571
        saslCtxt = virNetSASLContextNewServer(
            (const char *const*)config->sasl_allowed_username_list);
        if (!saslCtxt)
572
            goto cleanup;
D
Daniel P. Berrange 已提交
573
    }
574
#endif
D
Daniel P. Berrange 已提交
575

576
    ret = 0;
577

578
 cleanup:
579
#if WITH_GNUTLS
580
    virObjectUnref(svcTLS);
581
#endif
582 583
    virObjectUnref(svcTCP);
    virObjectUnref(svcRO);
584
    virObjectUnref(svcAdm);
585 586
    virObjectUnref(svc);
    return ret;
D
Daniel P. Berrange 已提交
587 588 589
}


590 591 592 593 594 595 596 597 598 599
/*
 * Set up the openvswitch timeout
 */
static void
daemonSetupNetDevOpenvswitch(struct daemonConfig *config)
{
    virNetDevOpenvswitchSetTimeout(config->ovs_timeout);
}


600 601
/*
 * Set up the logging environment
602 603
 * By default if daemonized all errors go to the logfile libvirtd.log,
 * but if verbose or error debugging is asked for then also output
604
 * informational and debug messages. Default size if 64 kB.
605
 */
606
static int
607 608 609 610
daemonSetupLogging(struct daemonConfig *config,
                   bool privileged,
                   bool verbose,
                   bool godaemon)
611
{
612 613
    virLogReset();

614
    /*
615 616 617
     * Libvirtd's order of precedence is:
     * cmdline > environment > config
     *
618
     * Given the precedence, we must process the variables in the opposite
619
     * order, each one overriding the previous.
620
     */
621 622
    if (config->log_level != 0)
        virLogSetDefaultPriority(config->log_level);
623

624 625 626
    /* In case the config is empty, both filters and outputs will become empty,
     * however we can't start with empty outputs, thus we'll need to define and
     * setup a default one.
627 628 629
     */
    ignore_value(virLogSetFilters(config->log_filters));
    ignore_value(virLogSetOutputs(config->log_outputs));
630

631 632
    /* If there are some environment variables defined, use those instead */
    virLogSetFromEnv();
633

634 635 636 637 638 639
    /*
     * Command line override for --verbose
     */
    if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO))
        virLogSetDefaultPriority(VIR_LOG_INFO);

640 641 642 643 644 645 646 647 648
    /* Define the default output. This is only applied if there was no setting
     * from either the config or the environment.
     */
    if (virLogSetDefaultOutput("libvirtd.log", godaemon, privileged) < 0)
        return -1;

    if (virLogGetNbOutputs() == 0)
        virLogSetOutputs(virLogGetDefaultOutput());

649 650 651
    return 0;
}

652

653 654 655 656 657
static int
daemonSetupAccessManager(struct daemonConfig *config)
{
    virAccessManagerPtr mgr;
    const char *none[] = { "none", NULL };
J
Ján Tomko 已提交
658
    const char **drv = (const char **)config->access_drivers;
659

J
Ján Tomko 已提交
660 661 662
    if (!drv ||
        !drv[0])
        drv = none;
663

J
Ján Tomko 已提交
664
    if (!(mgr = virAccessManagerNewStack(drv)))
665 666 667 668 669 670 671 672
        return -1;

    virAccessManagerSetDefault(mgr);
    virObjectUnref(mgr);
    return 0;
}


673 674
/* Display version information. */
static void
675
daemonVersion(const char *argv0)
676
{
677
    printf("%s (%s) %s\n", argv0, PACKAGE_NAME, PACKAGE_VERSION);
678 679
}

J
John Levon 已提交
680 681
#ifdef __sun
static int
682
daemonSetupPrivs(void)
J
John Levon 已提交
683
{
684
    chown("/var/run/libvirt", SYSTEM_UID, SYSTEM_UID);
J
John Levon 已提交
685

686 687
    if (__init_daemon_priv(PU_RESETGROUPS | PU_CLEARLIMITSET,
                           SYSTEM_UID, SYSTEM_UID, PRIV_XVM_CONTROL, NULL)) {
688
        VIR_ERROR(_("additional privileges are required"));
J
John Levon 已提交
689 690 691
        return -1;
    }

692 693
    if (priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_FILE_LINK_ANY, PRIV_PROC_INFO,
                 PRIV_PROC_SESSION, PRIV_PROC_EXEC, PRIV_PROC_FORK, NULL)) {
694
        VIR_ERROR(_("failed to set reduced privileges"));
J
John Levon 已提交
695 696 697 698 699 700
        return -1;
    }

    return 0;
}
#else
701
# define daemonSetupPrivs() 0
J
John Levon 已提交
702 703
#endif

704

705
static void daemonShutdownHandler(virNetDaemonPtr dmn,
706 707
                                  siginfo_t *sig ATTRIBUTE_UNUSED,
                                  void *opaque ATTRIBUTE_UNUSED)
708
{
709
    virNetDaemonQuit(dmn);
710
}
711

712 713 714 715 716 717 718 719 720
static void daemonReloadHandlerThread(void *opague ATTRIBUTE_UNUSED)
{
    VIR_INFO("Reloading configuration on SIGHUP");
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
                VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
    if (virStateReload() < 0)
        VIR_WARN("Error while reloading drivers");
}

721
static void daemonReloadHandler(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
722 723 724
                                siginfo_t *sig ATTRIBUTE_UNUSED,
                                void *opaque ATTRIBUTE_UNUSED)
{
725 726
    virThread thr;

727 728 729 730 731
    if (!driversInitialized) {
        VIR_WARN("Drivers are not initialized, reload ignored");
        return;
    }

732 733 734 735 736 737
    if (virThreadCreate(&thr, false, daemonReloadHandlerThread, NULL) < 0) {
        /*
         * Not much we can do on error here except log it.
         */
        VIR_ERROR(_("Failed to create thread to handle daemon restart"));
    }
738 739
}

740
static int daemonSetupSignals(virNetDaemonPtr dmn)
741
{
742
    if (virNetDaemonAddSignalHandler(dmn, SIGINT, daemonShutdownHandler, NULL) < 0)
743
        return -1;
744
    if (virNetDaemonAddSignalHandler(dmn, SIGQUIT, daemonShutdownHandler, NULL) < 0)
745
        return -1;
746
    if (virNetDaemonAddSignalHandler(dmn, SIGTERM, daemonShutdownHandler, NULL) < 0)
747
        return -1;
748
    if (virNetDaemonAddSignalHandler(dmn, SIGHUP, daemonReloadHandler, NULL) < 0)
749
        return -1;
750 751
    return 0;
}
752

753 754 755

static void daemonInhibitCallback(bool inhibit, void *opaque)
{
756
    virNetDaemonPtr dmn = opaque;
757 758

    if (inhibit)
759
        virNetDaemonAddShutdownInhibition(dmn);
760
    else
761
        virNetDaemonRemoveShutdownInhibition(dmn);
762 763 764
}


765
#ifdef WITH_DBUS
766 767 768 769 770
static DBusConnection *sessionBus;
static DBusConnection *systemBus;

static void daemonStopWorker(void *opaque)
{
771
    virNetDaemonPtr dmn = opaque;
772

773
    VIR_DEBUG("Begin stop dmn=%p", dmn);
774 775 776

    ignore_value(virStateStop());

777
    VIR_DEBUG("Completed stop dmn=%p", dmn);
778 779

    /* Exit libvirtd cleanly */
780
    virNetDaemonQuit(dmn);
781 782 783 784
}


/* We do this in a thread to not block the main loop */
785
static void daemonStop(virNetDaemonPtr dmn)
786 787
{
    virThread thr;
788 789 790
    virObjectRef(dmn);
    if (virThreadCreate(&thr, false, daemonStopWorker, dmn) < 0)
        virObjectUnref(dmn);
791 792 793 794 795 796 797 798
}


static DBusHandlerResult
handleSessionMessageFunc(DBusConnection *connection ATTRIBUTE_UNUSED,
                         DBusMessage *message,
                         void *opaque)
{
799
    virNetDaemonPtr dmn = opaque;
800

801
    VIR_DEBUG("dmn=%p", dmn);
802 803 804 805

    if (dbus_message_is_signal(message,
                               DBUS_INTERFACE_LOCAL,
                               "Disconnected"))
806
        daemonStop(dmn);
807 808 809 810 811 812 813 814 815 816

    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}


static DBusHandlerResult
handleSystemMessageFunc(DBusConnection *connection ATTRIBUTE_UNUSED,
                        DBusMessage *message,
                        void *opaque)
{
817
    virNetDaemonPtr dmn = opaque;
818

819
    VIR_DEBUG("dmn=%p", dmn);
820 821 822 823

    if (dbus_message_is_signal(message,
                               "org.freedesktop.login1.Manager",
                               "PrepareForShutdown"))
824
        daemonStop(dmn);
825 826 827 828 829 830

    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}
#endif


831 832
static void daemonRunStateInit(void *opaque)
{
833
    virNetDaemonPtr dmn = opaque;
834 835 836
    virIdentityPtr sysident = virIdentityGetSystem();

    virIdentitySetCurrent(sysident);
837

838 839
    /* Since driver initialization can take time inhibit daemon shutdown until
       we're done so clients get a chance to connect */
840
    daemonInhibitCallback(true, dmn);
841

842
    /* Start the stateful HV drivers
E
Eric Blake 已提交
843
     * This is deliberately done after telling the parent process
844 845
     * we're ready, since it can take a long time and this will
     * seriously delay OS bootup process */
846
    if (virStateInitialize(virNetDaemonIsPrivileged(dmn),
847
                           daemonInhibitCallback,
848
                           dmn) < 0) {
849
        VIR_ERROR(_("Driver state initialization failed"));
850 851
        /* Ensure the main event loop quits */
        kill(getpid(), SIGTERM);
852
        goto cleanup;
853 854
    }

855 856
    driversInitialized = true;

857
#ifdef WITH_DBUS
858
    /* Tie the non-privileged libvirtd to the session/shutdown lifecycle */
859
    if (!virNetDaemonIsPrivileged(dmn)) {
860 861 862 863

        sessionBus = virDBusGetSessionBus();
        if (sessionBus != NULL)
            dbus_connection_add_filter(sessionBus,
864
                                       handleSessionMessageFunc, dmn, NULL);
865 866 867 868

        systemBus = virDBusGetSystemBus();
        if (systemBus != NULL) {
            dbus_connection_add_filter(systemBus,
869
                                       handleSystemMessageFunc, dmn, NULL);
870 871 872 873 874 875
            dbus_bus_add_match(systemBus,
                               "type='signal',sender='org.freedesktop.login1', interface='org.freedesktop.login1.Manager'",
                               NULL);
        }
    }
#endif
876
    /* Only now accept clients from network */
877
    virNetDaemonUpdateServices(dmn, true);
878
 cleanup:
879 880
    daemonInhibitCallback(false, dmn);
    virObjectUnref(dmn);
881 882
    virObjectUnref(sysident);
    virIdentitySetCurrent(NULL);
883
}
884

885
static int daemonStateInit(virNetDaemonPtr dmn)
886 887
{
    virThread thr;
888 889 890
    virObjectRef(dmn);
    if (virThreadCreate(&thr, false, daemonRunStateInit, dmn) < 0) {
        virObjectUnref(dmn);
891 892
        return -1;
    }
893 894 895
    return 0;
}

896 897 898 899 900 901 902 903 904 905 906
static int migrateProfile(void)
{
    char *old_base = NULL;
    char *updated = NULL;
    char *home = NULL;
    char *xdg_dir = NULL;
    char *config_dir = NULL;
    const char *config_home;
    int ret = -1;
    mode_t old_umask;

907 908
    VIR_DEBUG("Checking if user profile needs migrating");

909
    if (!(home = virGetUserDirectory()))
910 911
        goto cleanup;

912
    if (virAsprintf(&old_base, "%s/.libvirt", home) < 0)
913 914 915
        goto cleanup;

    /* if the new directory is there or the old one is not: do nothing */
916
    if (!(config_dir = virGetUserConfigDirectory()))
917 918 919
        goto cleanup;

    if (!virFileIsDir(old_base) || virFileExists(config_dir)) {
920 921 922
        VIR_DEBUG("No old profile in '%s' / "
                  "new profile directory already present '%s'",
                  old_base, config_dir);
923 924 925 926 927
        ret = 0;
        goto cleanup;
    }

    /* test if we already attempted to migrate first */
928
    if (virAsprintf(&updated, "%s/DEPRECATED-DIRECTORY", old_base) < 0)
929
        goto cleanup;
930
    if (virFileExists(updated))
931 932
        goto cleanup;

933
    config_home = virGetEnvBlockSUID("XDG_CONFIG_HOME");
934
    if (config_home && config_home[0] != '\0') {
935 936
        if (VIR_STRDUP(xdg_dir, config_home) < 0)
            goto cleanup;
937
    } else {
938
        if (virAsprintf(&xdg_dir, "%s/.config", home) < 0)
939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955
            goto cleanup;
    }

    old_umask = umask(077);
    if (virFileMakePath(xdg_dir) < 0) {
        umask(old_umask);
        goto cleanup;
    }
    umask(old_umask);

    if (rename(old_base, config_dir) < 0) {
        int fd = creat(updated, 0600);
        VIR_FORCE_CLOSE(fd);
        VIR_ERROR(_("Unable to migrate %s to %s"), old_base, config_dir);
        goto cleanup;
    }

956
    VIR_DEBUG("Profile migrated from %s to %s", old_base, config_dir);
957 958 959 960 961 962 963 964 965 966 967 968
    ret = 0;

 cleanup:
    VIR_FREE(home);
    VIR_FREE(old_base);
    VIR_FREE(xdg_dir);
    VIR_FREE(config_dir);
    VIR_FREE(updated);

    return ret;
}

969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001
static int
daemonSetupHostUUID(const struct daemonConfig *config)
{
    static const char *machine_id = "/etc/machine-id";
    char buf[VIR_UUID_STRING_BUFLEN];
    const char *uuid;

    if (config->host_uuid) {
        uuid = config->host_uuid;
    } else if (!config->host_uuid_source ||
               STREQ(config->host_uuid_source, "smbios")) {
        /* smbios UUID is fetched on demand in virGetHostUUID */
        return 0;
    } else if (STREQ(config->host_uuid_source, "machine-id")) {
        if (virFileReadBufQuiet(machine_id, buf, sizeof(buf)) < 0) {
            VIR_ERROR(_("Can't read %s"), machine_id);
            return -1;
        }

        uuid = buf;
    } else {
        VIR_ERROR(_("invalid UUID source: %s"), config->host_uuid_source);
        return -1;
    }

    if (virSetHostUUIDStr(uuid)) {
        VIR_ERROR(_("invalid host UUID: %s"), uuid);
        return -1;
    }

    return 0;
}

1002 1003
/* Print command-line usage. */
static void
1004
daemonUsage(const char *argv0, bool privileged)
1005
{
1006 1007 1008 1009 1010 1011
    fprintf(stderr,
            _("\n"
              "Usage:\n"
              "  %s [options]\n"
              "\n"
              "Options:\n"
1012
              "  -h | --help            Display program help:\n"
1013 1014 1015 1016 1017
              "  -v | --verbose         Verbose messages.\n"
              "  -d | --daemon          Run as a daemon & write PID file.\n"
              "  -l | --listen          Listen for TCP/IP connections.\n"
              "  -t | --timeout <secs>  Exit after timeout period.\n"
              "  -f | --config <file>   Configuration file.\n"
1018
              "  -V | --version         Display version information.\n"
1019 1020 1021 1022
              "  -p | --pid-file <file> Change name of PID file.\n"
              "\n"
              "libvirt management daemon:\n"),
            argv0);
1023 1024 1025

    if (privileged) {
        fprintf(stderr,
1026 1027 1028 1029
                _("\n"
                  "  Default paths:\n"
                  "\n"
                  "    Configuration file (unless overridden by -f):\n"
1030
                  "      %s\n"
1031 1032
                  "\n"
                  "    Sockets:\n"
1033 1034
                  "      %s\n"
                  "      %s\n"
1035 1036
                  "\n"
                  "    TLS:\n"
1037 1038 1039
                  "      CA certificate:     %s\n"
                  "      Server certificate: %s\n"
                  "      Server private key: %s\n"
1040 1041 1042 1043
                  "\n"
                  "    PID file (unless overridden by -p):\n"
                  "      %s/run/libvirtd.pid\n"
                  "\n"),
1044 1045 1046
                LIBVIRTD_CONFIGURATION_FILE,
                LIBVIRTD_PRIV_UNIX_SOCKET,
                LIBVIRTD_PRIV_UNIX_SOCKET_RO,
1047 1048 1049
                LIBVIRT_CACERT,
                LIBVIRT_SERVERCERT,
                LIBVIRT_SERVERKEY,
1050 1051
                LOCALSTATEDIR);
    } else {
1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069
        fprintf(stderr, "%s",
                _("\n"
                  "  Default paths:\n"
                  "\n"
                  "    Configuration file (unless overridden by -f):\n"
                  "      $XDG_CONFIG_HOME/libvirt/libvirtd.conf\n"
                  "\n"
                  "    Sockets:\n"
                  "      $XDG_RUNTIME_DIR/libvirt/libvirt-sock\n"
                  "\n"
                  "    TLS:\n"
                  "      CA certificate:     $HOME/.pki/libvirt/cacert.pem\n"
                  "      Server certificate: $HOME/.pki/libvirt/servercert.pem\n"
                  "      Server private key: $HOME/.pki/libvirt/serverkey.pem\n"
                  "\n"
                  "    PID file:\n"
                  "      $XDG_RUNTIME_DIR/libvirt/libvirtd.pid\n"
                  "\n"));
1070
    }
1071 1072
}

D
Daniel P. Berrange 已提交
1073
int main(int argc, char **argv) {
1074
    virNetDaemonPtr dmn = NULL;
1075
    virNetServerPtr srv = NULL;
1076
    virNetServerPtr srvAdm = NULL;
1077
    char *remote_config_file = NULL;
1078
    int statuswrite = -1;
1079
    int ret = 1;
1080
    int pid_file_fd = -1;
1081 1082 1083
    char *pid_file = NULL;
    char *sock_file = NULL;
    char *sock_file_ro = NULL;
1084
    char *sock_file_adm = NULL;
1085 1086 1087 1088 1089 1090
    int timeout = -1;        /* -t: Shutdown timeout */
    int verbose = 0;
    int godaemon = 0;
    int ipsock = 0;
    struct daemonConfig *config;
    bool privileged = geteuid() == 0 ? true : false;
1091
    bool implicit_conf = false;
1092 1093
    char *run_dir = NULL;
    mode_t old_umask;
D
Daniel P. Berrange 已提交
1094 1095

    struct option opts[] = {
1096 1097 1098
        { "verbose", no_argument, &verbose, 'v'},
        { "daemon", no_argument, &godaemon, 'd'},
        { "listen", no_argument, &ipsock, 'l'},
1099
        { "config", required_argument, NULL, 'f'},
1100 1101
        { "timeout", required_argument, NULL, 't'},
        { "pid-file", required_argument, NULL, 'p'},
1102 1103
        { "version", no_argument, NULL, 'V' },
        { "help", no_argument, NULL, 'h' },
D
Daniel P. Berrange 已提交
1104 1105 1106
        {0, 0, 0, 0}
    };

1107
    if (virGettextInitialize() < 0 ||
E
Eric Blake 已提交
1108
        virInitialize() < 0) {
1109
        fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
E
Eric Blake 已提交
1110
        exit(EXIT_FAILURE);
1111
    }
D
Daniel P. Berrange 已提交
1112

1113 1114
    virUpdateSelfLastChanged(argv[0]);

1115 1116
    virFileActivateDirOverride(argv[0]);

D
Daniel P. Berrange 已提交
1117 1118 1119 1120 1121
    while (1) {
        int optidx = 0;
        int c;
        char *tmp;

1122
        c = getopt_long(argc, argv, "ldf:p:t:vVh", opts, &optidx);
D
Daniel P. Berrange 已提交
1123

1124
        if (c == -1)
D
Daniel P. Berrange 已提交
1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136
            break;

        switch (c) {
        case 0:
            /* Got one of the flags */
            break;
        case 'v':
            verbose = 1;
            break;
        case 'd':
            godaemon = 1;
            break;
1137 1138
        case 'l':
            ipsock = 1;
D
Daniel P. Berrange 已提交
1139 1140 1141
            break;

        case 't':
1142
            if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0
1143 1144
                || timeout <= 0
                /* Ensure that we can multiply by 1000 without overflowing.  */
1145 1146 1147 1148
                || timeout > INT_MAX / 1000) {
                VIR_ERROR(_("Invalid value for timeout"));
                exit(EXIT_FAILURE);
            }
D
Daniel P. Berrange 已提交
1149
            break;
1150 1151

        case 'p':
1152
            VIR_FREE(pid_file);
1153
            if (VIR_STRDUP_QUIET(pid_file, optarg) < 0) {
1154
                VIR_ERROR(_("Can't allocate memory"));
1155
                exit(EXIT_FAILURE);
1156
            }
1157 1158 1159
            break;

        case 'f':
1160
            VIR_FREE(remote_config_file);
1161
            if (VIR_STRDUP_QUIET(remote_config_file, optarg) < 0) {
1162
                VIR_ERROR(_("Can't allocate memory"));
1163
                exit(EXIT_FAILURE);
1164
            }
1165 1166
            break;

1167
        case 'V':
1168
            daemonVersion(argv[0]);
1169
            exit(EXIT_SUCCESS);
1170

1171
        case 'h':
1172
            daemonUsage(argv[0], privileged);
1173
            exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
1174

1175
        case '?':
D
Daniel P. Berrange 已提交
1176
        default:
1177
            daemonUsage(argv[0], privileged);
1178
            exit(EXIT_FAILURE);
D
Daniel P. Berrange 已提交
1179 1180 1181
        }
    }

1182 1183 1184 1185 1186 1187
    if (optind != argc) {
        fprintf(stderr, "%s: unexpected, non-option, command line arguments\n",
                argv[0]);
        exit(EXIT_FAILURE);
    }

1188 1189
    if (!(config = daemonConfigNew(privileged))) {
        VIR_ERROR(_("Can't create initial configuration"));
1190
        exit(EXIT_FAILURE);
1191
    }
1192 1193

    /* No explicit config, so try and find a default one */
1194 1195 1196
    if (remote_config_file == NULL) {
        implicit_conf = true;
        if (daemonConfigFilePath(privileged,
1197 1198
                                 &remote_config_file) < 0) {
            VIR_ERROR(_("Can't determine config path"));
1199
            exit(EXIT_FAILURE);
1200
        }
1201
    }
1202 1203 1204

    /* Read the config file if it exists*/
    if (remote_config_file &&
1205
        daemonConfigLoadFile(config, remote_config_file, implicit_conf) < 0) {
1206 1207
        VIR_ERROR(_("Can't load config file: %s: %s"),
                  virGetLastErrorMessage(), remote_config_file);
1208
        exit(EXIT_FAILURE);
1209
    }
1210

1211
    if (!privileged &&
1212 1213
        migrateProfile() < 0) {
        VIR_ERROR(_("Exiting due to failure to migrate profile"));
1214
        exit(EXIT_FAILURE);
1215
    }
1216

1217 1218
    if (daemonSetupHostUUID(config) < 0) {
        VIR_ERROR(_("Can't setup host uuid"));
1219
        exit(EXIT_FAILURE);
1220 1221
    }

1222 1223
    if (daemonSetupLogging(config, privileged, verbose, godaemon) < 0) {
        VIR_ERROR(_("Can't initialize logging"));
1224
        exit(EXIT_FAILURE);
1225
    }
1226

1227 1228
    daemonSetupNetDevOpenvswitch(config);

1229 1230 1231 1232 1233
    if (daemonSetupAccessManager(config) < 0) {
        VIR_ERROR(_("Can't initialize access manager"));
        exit(EXIT_FAILURE);
    }

1234
    if (!pid_file &&
1235 1236 1237 1238
        virPidFileConstructPath(privileged,
                                LOCALSTATEDIR,
                                "libvirtd",
                                &pid_file) < 0) {
1239
        VIR_ERROR(_("Can't determine pid file path."));
1240
        exit(EXIT_FAILURE);
1241
    }
1242
    VIR_DEBUG("Decided on pid file path '%s'", NULLSTR(pid_file));
1243 1244 1245 1246

    if (daemonUnixSocketPaths(config,
                              privileged,
                              &sock_file,
1247 1248
                              &sock_file_ro,
                              &sock_file_adm) < 0) {
1249
        VIR_ERROR(_("Can't determine socket paths"));
1250
        exit(EXIT_FAILURE);
1251
    }
1252 1253 1254 1255
    VIR_DEBUG("Decided on socket paths '%s', '%s' and '%s'",
              sock_file,
              NULLSTR(sock_file_ro),
              NULLSTR(sock_file_adm));
1256

1257
    if (godaemon) {
1258
        char ebuf[1024];
1259 1260 1261 1262

        if (chdir("/") < 0) {
            VIR_ERROR(_("cannot change to root directory: %s"),
                      virStrerror(errno, ebuf, sizeof(ebuf)));
1263
            goto cleanup;
1264 1265
        }

1266
        if ((statuswrite = daemonForkIntoBackground(argv[0])) < 0) {
1267
            VIR_ERROR(_("Failed to fork as daemon: %s"),
1268
                      virStrerror(errno, ebuf, sizeof(ebuf)));
1269
            goto cleanup;
1270 1271 1272
        }
    }

1273 1274 1275 1276 1277 1278
    /* Try to claim the pidfile, exiting if we can't */
    if ((pid_file_fd = virPidFileAcquirePath(pid_file, false, getpid())) < 0) {
        ret = VIR_DAEMON_ERR_PIDFILE;
        goto cleanup;
    }

J
John Levon 已提交
1279
    /* Ensure the rundir exists (on tmpfs on some systems) */
1280
    if (privileged) {
1281 1282 1283 1284
        if (VIR_STRDUP_QUIET(run_dir, LOCALSTATEDIR "/run/libvirt") < 0) {
            VIR_ERROR(_("Can't allocate memory"));
            goto cleanup;
        }
1285
    } else {
1286
        run_dir = virGetUserRuntimeDirectory();
1287

1288
        if (!run_dir) {
1289 1290
            VIR_ERROR(_("Can't determine user directory"));
            goto cleanup;
J
John Levon 已提交
1291 1292
        }
    }
1293 1294 1295 1296
    if (privileged)
        old_umask = umask(022);
    else
        old_umask = umask(077);
1297
    VIR_DEBUG("Ensuring run dir '%s' exists", run_dir);
1298 1299 1300 1301 1302 1303 1304 1305
    if (virFileMakePath(run_dir) < 0) {
        char ebuf[1024];
        VIR_ERROR(_("unable to create rundir %s: %s"), run_dir,
                  virStrerror(errno, ebuf, sizeof(ebuf)));
        ret = VIR_DAEMON_ERR_RUNDIR;
        goto cleanup;
    }
    umask(old_umask);
J
John Levon 已提交
1306

1307 1308 1309 1310 1311
    if (virNetlinkStartup() < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1312 1313 1314 1315 1316
    if (!(dmn = virNetDaemonNew())) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1317
    if (!(srv = virNetServerNew("libvirtd", 1,
1318
                                config->min_workers,
1319
                                config->max_workers,
1320
                                config->prio_workers,
1321
                                config->max_clients,
1322
                                config->max_anonymous_clients,
1323 1324
                                config->keepalive_interval,
                                config->keepalive_count,
1325
                                config->mdns_adv ? config->mdns_name : NULL,
1326
                                remoteClientNew,
1327
                                NULL,
1328
                                remoteClientFree,
1329
                                NULL))) {
1330 1331 1332 1333
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1334
    if (virNetDaemonAddServer(dmn, srv) < 0) {
1335 1336 1337 1338
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1339 1340 1341
    /* Beyond this point, nothing should rely on using
     * getuid/geteuid() == 0, for privilege level checks.
     */
1342
    VIR_DEBUG("Dropping privileges (if required)");
1343
    if (daemonSetupPrivs() < 0) {
1344
        ret = VIR_DAEMON_ERR_PRIVS;
1345
        goto cleanup;
1346
    }
J
John Levon 已提交
1347

1348
    daemonInitialize();
1349

1350 1351 1352 1353 1354 1355 1356 1357 1358
    remoteProcs[REMOTE_PROC_AUTH_LIST].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_INIT].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_STEP].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_START].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_POLKIT].needAuth = false;
    if (!(remoteProgram = virNetServerProgramNew(REMOTE_PROGRAM,
                                                 REMOTE_PROTOCOL_VERSION,
                                                 remoteProcs,
                                                 remoteNProcs))) {
1359
        ret = VIR_DAEMON_ERR_INIT;
1360 1361 1362 1363 1364
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, remoteProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1365
    }
1366

1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378
    if (!(lxcProgram = virNetServerProgramNew(LXC_PROGRAM,
                                              LXC_PROTOCOL_VERSION,
                                              lxcProcs,
                                              lxcNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, lxcProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1379 1380 1381 1382 1383 1384 1385 1386 1387 1388
    if (!(qemuProgram = virNetServerProgramNew(QEMU_PROGRAM,
                                               QEMU_PROTOCOL_VERSION,
                                               qemuProcs,
                                               qemuNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, qemuProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1389
    }
1390

1391
    if (!(srvAdm = virNetServerNew("admin", 1,
1392
                                   config->admin_min_workers,
1393 1394 1395 1396 1397 1398 1399
                                   config->admin_max_workers,
                                   0,
                                   config->admin_max_clients,
                                   0,
                                   config->admin_keepalive_interval,
                                   config->admin_keepalive_count,
                                   NULL,
1400
                                   remoteAdmClientNew,
1401
                                   NULL,
1402
                                   remoteAdmClientFree,
1403 1404 1405 1406 1407
                                   dmn))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1408
    if (virNetDaemonAddServer(dmn, srvAdm) < 0) {
1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

    if (!(adminProgram = virNetServerProgramNew(ADMIN_PROGRAM,
                                                ADMIN_PROTOCOL_VERSION,
                                                adminProcs,
                                                adminNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srvAdm, adminProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1425 1426
    if (timeout != -1) {
        VIR_DEBUG("Registering shutdown timeout %d", timeout);
1427
        virNetDaemonAutoShutdown(dmn, timeout);
1428
    }
1429

1430
    if ((daemonSetupSignals(dmn)) < 0) {
1431 1432
        ret = VIR_DAEMON_ERR_SIGNAL;
        goto cleanup;
1433
    }
D
Daniel P. Berrange 已提交
1434

1435
    if (config->audit_level) {
1436
        VIR_DEBUG("Attempting to configure auditing subsystem");
1437
        if (virAuditOpen(config->audit_level) < 0) {
1438
            if (config->audit_level > 1) {
1439
                ret = VIR_DAEMON_ERR_AUDIT;
1440
                goto cleanup;
1441
            }
1442
            VIR_DEBUG("Proceeding without auditing");
1443 1444
        }
    }
E
Eric Blake 已提交
1445
    virAuditLog(config->audit_logging > 0);
1446

1447
    /* setup the hooks if any */
1448
    if (virHookInitialize() < 0) {
1449
        ret = VIR_DAEMON_ERR_HOOKS;
1450
        goto cleanup;
1451 1452
    }

1453
    /* Disable error func, now logging is setup */
1454
    virSetErrorFunc(NULL, daemonErrorHandler);
1455
    virSetErrorLogPriorityFunc(daemonErrorLogFilter);
1456

1457 1458 1459 1460 1461 1462
    /*
     * Call the daemon startup hook
     * TODO: should we abort the daemon startup if the script returned
     *       an error ?
     */
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_START,
1463
                0, "start", NULL, NULL);
1464

1465 1466 1467 1468 1469
    if (daemonSetupNetworking(srv, srvAdm,
                              config,
                              sock_file,
                              sock_file_ro,
                              sock_file_adm,
1470
                              ipsock, privileged) < 0) {
1471
        ret = VIR_DAEMON_ERR_NETWORK;
1472
        goto cleanup;
1473 1474
    }

1475 1476 1477 1478 1479 1480
    /* Tell parent of daemon that basic initialization is complete
     * In particular we're ready to accept net connections & have
     * written the pidfile
     */
    if (statuswrite != -1) {
        char status = 0;
1481
        ignore_value(safewrite(statuswrite, &status, 1));
1482
        VIR_FORCE_CLOSE(statuswrite);
1483 1484
    }

1485
    /* Initialize drivers & then start accepting new clients from network */
1486
    if (daemonStateInit(dmn) < 0) {
1487 1488
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1489
    }
D
Daniel P. Berrange 已提交
1490

1491
#if defined(__linux__) && defined(NETLINK_ROUTE)
1492 1493
    /* Register the netlink event service for NETLINK_ROUTE */
    if (virNetlinkEventServiceStart(NETLINK_ROUTE, 0) < 0) {
1494 1495 1496
        ret = VIR_DAEMON_ERR_NETWORK;
        goto cleanup;
    }
1497
#endif
1498

1499
#if defined(__linux__) && defined(NETLINK_KOBJECT_UEVENT)
T
Tang Chen 已提交
1500 1501 1502 1503 1504
    /* Register the netlink event service for NETLINK_KOBJECT_UEVENT */
    if (virNetlinkEventServiceStart(NETLINK_KOBJECT_UEVENT, 1) < 0) {
        ret = VIR_DAEMON_ERR_NETWORK;
        goto cleanup;
    }
1505
#endif
T
Tang Chen 已提交
1506

1507
    /* Run event loop. */
1508
    virNetDaemonRun(dmn);
1509

1510 1511
    ret = 0;

1512
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_SHUTDOWN,
1513
                0, "shutdown", NULL, NULL);
1514

1515
 cleanup:
1516 1517 1518
    /* Keep cleanup order in inverse order of startup */
    virNetDaemonClose(dmn);

1519
    virNetlinkEventServiceStopAll();
1520 1521 1522 1523 1524 1525 1526 1527

    if (driversInitialized) {
        /* NB: Possible issue with timing window between driversInitialized
         * setting if virNetlinkEventServerStart fails */
        driversInitialized = false;
        virStateCleanup();
    }

1528 1529
    virObjectUnref(adminProgram);
    virObjectUnref(srvAdm);
1530 1531 1532 1533 1534 1535
    virObjectUnref(qemuProgram);
    virObjectUnref(lxcProgram);
    virObjectUnref(remoteProgram);
    virObjectUnref(srv);
    virObjectUnref(dmn);

1536
    virNetlinkShutdown();
1537 1538 1539 1540 1541 1542

    if (pid_file_fd != -1)
        virPidFileReleasePath(pid_file, pid_file_fd);

    VIR_FREE(run_dir);

1543 1544 1545 1546
    if (statuswrite != -1) {
        if (ret != 0) {
            /* Tell parent of daemon what failed */
            char status = ret;
1547
            ignore_value(safewrite(statuswrite, &status, 1));
1548
        }
1549
        VIR_FORCE_CLOSE(statuswrite);
1550
    }
1551 1552 1553

    VIR_FREE(sock_file);
    VIR_FREE(sock_file_ro);
1554
    VIR_FREE(sock_file_adm);
1555

1556
    VIR_FREE(pid_file);
1557

1558
    VIR_FREE(remote_config_file);
1559 1560
    daemonConfigFree(config);

1561
    return ret;
D
Daniel P. Berrange 已提交
1562
}