remote_daemon.c 46.3 KB
Newer Older
D
Daniel P. Berrange 已提交
1
/*
2
 * remote_daemon.c: daemon start of day, guest process & i/o management
D
Daniel P. Berrange 已提交
3
 *
4
 * Copyright (C) 2006-2018 Red Hat, Inc.
D
Daniel P. Berrange 已提交
5 6 7 8 9 10 11 12 13 14 15 16 17
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
18
 * License along with this library.  If not, see
O
Osier Yang 已提交
19
 * <http://www.gnu.org/licenses/>.
D
Daniel P. Berrange 已提交
20 21
 */

22
#include <config.h>
23

D
Daniel P. Berrange 已提交
24 25
#include <unistd.h>
#include <fcntl.h>
26 27
#include <sys/wait.h>
#include <sys/stat.h>
D
Daniel P. Berrange 已提交
28
#include <getopt.h>
29
#include <grp.h>
30

31
#include "libvirt_internal.h"
32
#include "virerror.h"
E
Eric Blake 已提交
33
#include "virfile.h"
34
#include "virlog.h"
35
#include "virpidfile.h"
36
#include "virprocess.h"
37

38 39
#define VIR_FROM_THIS VIR_FROM_QEMU

40 41
#include "remote_daemon.h"
#include "remote_daemon_config.h"
42

43
#include "admin/admin_server_dispatch.h"
44
#include "viruuid.h"
45
#include "remote_driver.h"
46
#include "viralloc.h"
47
#include "virconf.h"
48
#include "virnetlink.h"
49
#include "virnetdaemon.h"
50
#include "remote_daemon_dispatch.h"
51
#include "virhook.h"
52
#include "viraudit.h"
53
#include "virstring.h"
54 55
#include "locking/lock_manager.h"
#include "viraccessmanager.h"
56
#include "virutil.h"
57
#include "virgettext.h"
58
#include "util/virnetdevopenvswitch.h"
59
#include "virsystemd.h"
D
Daniel P. Berrange 已提交
60

61
#include "driver.h"
62

63 64
#include "configmake.h"

65 66
#include "virdbus.h"

67 68 69 70 71
VIR_LOG_INIT("daemon." DAEMON_NAME);

#ifndef SOCK_PREFIX
# define SOCK_PREFIX DAEMON_NAME
#endif
72

73
#if WITH_SASL
74
virNetSASLContextPtr saslCtxt = NULL;
75
#endif
76 77
virNetServerProgramPtr remoteProgram = NULL;
virNetServerProgramPtr qemuProgram = NULL;
78

79 80
volatile bool driversInitialized = false;

81 82 83 84 85 86 87 88 89
enum {
    VIR_DAEMON_ERR_NONE = 0,
    VIR_DAEMON_ERR_PIDFILE,
    VIR_DAEMON_ERR_RUNDIR,
    VIR_DAEMON_ERR_INIT,
    VIR_DAEMON_ERR_SIGNAL,
    VIR_DAEMON_ERR_PRIVS,
    VIR_DAEMON_ERR_NETWORK,
    VIR_DAEMON_ERR_CONFIG,
90
    VIR_DAEMON_ERR_HOOKS,
91
    VIR_DAEMON_ERR_AUDIT,
92
    VIR_DAEMON_ERR_DRIVER,
93 94 95 96

    VIR_DAEMON_ERR_LAST
};

97
VIR_ENUM_DECL(virDaemonErr);
98 99
VIR_ENUM_IMPL(virDaemonErr,
              VIR_DAEMON_ERR_LAST,
100 101 102 103 104 105 106
              "Initialization successful",
              "Unable to obtain pidfile",
              "Unable to create rundir",
              "Unable to initialize libvirt",
              "Unable to setup signal handlers",
              "Unable to drop privileges",
              "Unable to initialize network sockets",
107
              "Unable to load configuration file",
108
              "Unable to look for hook scripts",
109
              "Unable to initialize audit system",
110 111
              "Unable to initialize driver",
);
112

113
static int daemonForkIntoBackground(const char *argv0)
114
{
115 116 117 118
    int statuspipe[2];
    if (pipe(statuspipe) < 0)
        return -1;

119
    pid_t pid = fork();
D
Daniel P. Berrange 已提交
120 121 122
    switch (pid) {
    case 0:
        {
E
Eric Blake 已提交
123
            /* intermediate child */
D
Daniel P. Berrange 已提交
124 125
            int stdinfd = -1;
            int stdoutfd = -1;
126
            int nextpid;
D
Daniel P. Berrange 已提交
127

128
            VIR_FORCE_CLOSE(statuspipe[0]);
129

130
            if ((stdinfd = open("/dev/null", O_RDONLY)) <= STDERR_FILENO)
D
Daniel P. Berrange 已提交
131
                goto cleanup;
132
            if ((stdoutfd = open("/dev/null", O_WRONLY)) <= STDERR_FILENO)
D
Daniel P. Berrange 已提交
133 134 135 136 137 138 139
                goto cleanup;
            if (dup2(stdinfd, STDIN_FILENO) != STDIN_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDOUT_FILENO) != STDOUT_FILENO)
                goto cleanup;
            if (dup2(stdoutfd, STDERR_FILENO) != STDERR_FILENO)
                goto cleanup;
140
            if (VIR_CLOSE(stdinfd) < 0)
D
Daniel P. Berrange 已提交
141
                goto cleanup;
142
            if (VIR_CLOSE(stdoutfd) < 0)
D
Daniel P. Berrange 已提交
143 144 145 146 147 148 149
                goto cleanup;

            if (setsid() < 0)
                goto cleanup;

            nextpid = fork();
            switch (nextpid) {
E
Eric Blake 已提交
150
            case 0: /* grandchild */
151
                return statuspipe[1];
E
Eric Blake 已提交
152 153 154 155
            case -1: /* error */
                goto cleanup;
            default: /* intermediate child succeeded */
                _exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
156 157 158
            }

        cleanup:
159 160
            VIR_FORCE_CLOSE(stdoutfd);
            VIR_FORCE_CLOSE(stdinfd);
E
Eric Blake 已提交
161 162
            VIR_FORCE_CLOSE(statuspipe[1]);
            _exit(EXIT_FAILURE);
D
Daniel P. Berrange 已提交
163 164 165

        }

E
Eric Blake 已提交
166 167
    case -1: /* error in parent */
        goto error;
D
Daniel P. Berrange 已提交
168 169 170

    default:
        {
E
Eric Blake 已提交
171
            /* parent */
172 173 174
            int ret;
            char status;

175
            VIR_FORCE_CLOSE(statuspipe[1]);
176 177

            /* We wait to make sure the first child forked successfully */
178
            if (virProcessWait(pid, NULL, false) < 0)
E
Eric Blake 已提交
179
                goto error;
180

E
Eric Blake 已提交
181 182 183
            /* If we get here, then the grandchild was spawned, so we
             * must exit.  Block until the second child initializes
             * successfully */
184 185 186 187 188
        again:
            ret = read(statuspipe[0], &status, 1);
            if (ret == -1 && errno == EINTR)
                goto again;

E
Eric Blake 已提交
189 190 191 192 193
            VIR_FORCE_CLOSE(statuspipe[0]);

            if (ret != 1) {
                char ebuf[1024];

194
                fprintf(stderr,
E
Eric Blake 已提交
195 196 197 198 199 200 201 202
                        _("%s: error: unable to determine if daemon is "
                          "running: %s\n"), argv0,
                        virStrerror(errno, ebuf, sizeof(ebuf)));
                exit(EXIT_FAILURE);
            } else if (status != 0) {
                fprintf(stderr,
                        _("%s: error: %s. Check /var/log/messages or run "
                          "without --daemon for more info.\n"), argv0,
203
                        virDaemonErrTypeToString(status));
E
Eric Blake 已提交
204
                exit(EXIT_FAILURE);
205
            }
E
Eric Blake 已提交
206
            _exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
207 208
        }
    }
E
Eric Blake 已提交
209

210
 error:
E
Eric Blake 已提交
211 212 213
    VIR_FORCE_CLOSE(statuspipe[0]);
    VIR_FORCE_CLOSE(statuspipe[1]);
    return -1;
D
Daniel P. Berrange 已提交
214 215
}

216

217 218 219 220
static int
daemonUnixSocketPaths(struct daemonConfig *config,
                      bool privileged,
                      char **sockfile,
221 222
                      char **rosockfile,
                      char **admsockfile)
J
John Levon 已提交
223
{
224 225 226
    int ret = -1;
    char *rundir = NULL;

227
    if (config->unix_sock_dir) {
228
        if (virAsprintf(sockfile, "%s/%s-sock",
229
                        config->unix_sock_dir, SOCK_PREFIX) < 0)
230
            goto cleanup;
231 232

        if (privileged) {
233
            if (virAsprintf(rosockfile, "%s/%s-sock-ro",
234
                            config->unix_sock_dir, SOCK_PREFIX) < 0 ||
235
                virAsprintf(admsockfile, "%s/%s-admin-sock",
236
                            config->unix_sock_dir, SOCK_PREFIX) < 0)
237
                goto cleanup;
238
        }
D
Daniel P. Berrange 已提交
239
    } else {
240
        if (privileged) {
241 242 243 244 245 246
            if (virAsprintf(sockfile, "%s/libvirt/%s-sock",
                            RUNSTATEDIR, SOCK_PREFIX) < 0 ||
                virAsprintf(rosockfile, "%s/libvirt/%s-sock-ro",
                            RUNSTATEDIR, SOCK_PREFIX) < 0 ||
                virAsprintf(admsockfile, "%s/libvirt/%s-admin-sock",
                            RUNSTATEDIR, SOCK_PREFIX) < 0)
247
                goto cleanup;
248
        } else {
249
            mode_t old_umask;
250

251
            if (!(rundir = virGetUserRuntimeDirectory()))
252
                goto cleanup;
253

254 255 256
            old_umask = umask(077);
            if (virFileMakePath(rundir) < 0) {
                umask(old_umask);
257
                goto cleanup;
258 259 260
            }
            umask(old_umask);

261 262 263 264
            if (virAsprintf(sockfile, "%s/%s-sock",
                            rundir, SOCK_PREFIX) < 0 ||
                virAsprintf(admsockfile, "%s/%s-admin-sock",
                            rundir, SOCK_PREFIX) < 0)
265
                goto cleanup;
266 267
        }
    }
268

269 270 271 272
    ret = 0;
 cleanup:
    VIR_FREE(rundir);
    return ret;
D
Daniel P. Berrange 已提交
273 274
}

275

J
Ján Tomko 已提交
276 277
static void daemonErrorHandler(void *opaque G_GNUC_UNUSED,
                               virErrorPtr err G_GNUC_UNUSED)
278 279 280 281 282
{
    /* Don't do anything, since logging infrastructure already
     * took care of reporting the error */
}

283 284 285 286 287 288 289 290 291 292 293 294 295 296 297
static int daemonErrorLogFilter(virErrorPtr err, int priority)
{
    /* These error codes don't really reflect real errors. They
     * are expected events that occur when an app tries to check
     * whether a particular guest already exists. This filters
     * them to a lower log level to prevent pollution of syslog
     */
    switch (err->code) {
    case VIR_ERR_NO_DOMAIN:
    case VIR_ERR_NO_NETWORK:
    case VIR_ERR_NO_STORAGE_POOL:
    case VIR_ERR_NO_STORAGE_VOL:
    case VIR_ERR_NO_NODE_DEVICE:
    case VIR_ERR_NO_INTERFACE:
    case VIR_ERR_NO_NWFILTER:
298
    case VIR_ERR_NO_NWFILTER_BINDING:
299 300
    case VIR_ERR_NO_SECRET:
    case VIR_ERR_NO_DOMAIN_SNAPSHOT:
301
    case VIR_ERR_OPERATION_INVALID:
302
    case VIR_ERR_NO_DOMAIN_METADATA:
303 304
    case VIR_ERR_NO_SERVER:
    case VIR_ERR_NO_CLIENT:
305 306 307 308 309 310
        return VIR_LOG_DEBUG;
    }

    return priority;
}

311

312
static int daemonInitialize(void)
313
{
314 315
#ifndef LIBVIRTD
# ifdef MODULE_NAME
316 317 318
    /* This a dedicated per-driver daemon build */
    if (virDriverLoadModule(MODULE_NAME, MODULE_NAME "Register", true) < 0)
        return -1;
319 320 321 322 323
# else
    /* This is virtproxyd which merely proxies to the per-driver
     * daemons for back compat, and also allows IP connectivity.
     */
# endif
324 325 326
#else
    /* This is the legacy monolithic libvirtd built with all drivers
     *
327
     * Note that the order is important: the first ones have a higher
328 329 330
     * priority when calling virStateInitialize. We must register the
     * network, storage and nodedev drivers before any stateful domain
     * driver, since their resources must be auto-started before any
331
     * domains can be auto-started.
332
     */
333
# ifdef WITH_NETWORK
334 335
    if (virDriverLoadModule("network", "networkRegister", false) < 0)
        return -1;
336 337
# endif
# ifdef WITH_INTERFACE
338 339
    if (virDriverLoadModule("interface", "interfaceRegister", false) < 0)
        return -1;
340 341
# endif
# ifdef WITH_SECRETS
342 343
    if (virDriverLoadModule("secret", "secretRegister", false) < 0)
        return -1;
344 345
# endif
# ifdef WITH_STORAGE
346 347
    if (virDriverLoadModule("storage", "storageRegister", false) < 0)
        return -1;
348 349
# endif
# ifdef WITH_NODE_DEVICES
350 351
    if (virDriverLoadModule("nodedev", "nodedevRegister", false) < 0)
        return -1;
352 353
# endif
# ifdef WITH_NWFILTER
354 355
    if (virDriverLoadModule("nwfilter", "nwfilterRegister", false) < 0)
        return -1;
356 357
# endif
# ifdef WITH_LIBXL
358 359
    if (virDriverLoadModule("libxl", "libxlRegister", false) < 0)
        return -1;
360 361
# endif
# ifdef WITH_QEMU
362 363
    if (virDriverLoadModule("qemu", "qemuRegister", false) < 0)
        return -1;
364 365
# endif
# ifdef WITH_LXC
366 367
    if (virDriverLoadModule("lxc", "lxcRegister", false) < 0)
        return -1;
368 369
# endif
# ifdef WITH_VBOX
370 371
    if (virDriverLoadModule("vbox", "vboxRegister", false) < 0)
        return -1;
372 373
# endif
# ifdef WITH_BHYVE
374 375
    if (virDriverLoadModule("bhyve", "bhyveRegister", false) < 0)
        return -1;
376 377
# endif
# ifdef WITH_VZ
378 379
    if (virDriverLoadModule("vz", "vzRegister", false) < 0)
        return -1;
380
# endif
381
#endif
382
    return 0;
383 384 385
}


386 387
static int ATTRIBUTE_NONNULL(3)
daemonSetupNetworking(virNetServerPtr srv,
388
                      virNetServerPtr srvAdm,
389
                      struct daemonConfig *config,
390 391 392 393
#ifdef WITH_IP
                      bool ipsock,
                      bool privileged,
#endif /* ! WITH_IP */
394 395
                      const char *sock_path,
                      const char *sock_path_ro,
396
                      const char *sock_path_adm)
397 398 399 400
{
    gid_t unix_sock_gid = 0;
    int unix_sock_ro_mask = 0;
    int unix_sock_rw_mask = 0;
401
    int unix_sock_adm_mask = 0;
402
    int ret = -1;
J
Ján Tomko 已提交
403
    g_autoptr(virSystemdActivation) act = NULL;
404
    virSystemdActivationMap actmap[] = {
405 406 407
        { .name = DAEMON_NAME ".socket", .family = AF_UNIX, .path = sock_path },
        { .name = DAEMON_NAME "-ro.socket", .family = AF_UNIX, .path = sock_path_ro },
        { .name = DAEMON_NAME "-admin.socket", .family = AF_UNIX, .path = sock_path_adm },
408
#ifdef WITH_IP
409 410
        { .name = DAEMON_NAME "-tcp.socket", .family = AF_INET },
        { .name = DAEMON_NAME "-tls.socket", .family = AF_INET },
411
#endif /* ! WITH_IP */
412 413
    };

414
#ifdef WITH_IP
415 416 417 418 419
    if ((actmap[3].port = virSocketAddrResolveService(config->tcp_port)) < 0)
        return -1;

    if ((actmap[4].port = virSocketAddrResolveService(config->tls_port)) < 0)
        return -1;
420
#endif /* ! WITH_IP */
421

422
    if (virSystemdGetActivation(actmap, G_N_ELEMENTS(actmap), &act) < 0)
423
        return -1;
424

425
#ifdef WITH_IP
426
# ifdef LIBVIRTD
427 428 429 430 431
    if (act && ipsock) {
        VIR_ERROR(_("--listen parameter not permitted with systemd activation "
                    "sockets, see 'man libvirtd' for further guidance"));
        return -1;
    }
432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451
# else /* ! LIBVIRTD */
    /*
     * "ipsock" traditionally reflected whether --listen is set.
     * The listen_tcp & listen_tls params in libvirtd.conf were
     * not honoured unless --listen was set.
     *
     * In virtproxyd we dropped --listen, and have listen_tcp and
     * listen_tls in the config file both default to 0. The user
     * can turn on listening simply by setting the libvirtd.conf
     * file settings and doesn't have to worry about also adding
     * --listen, which is saner.
     *
     * Hence, we initialized ipsock == 1 by default with virtproxyd.
     * When using systemd activation though, we clear ipsock, so
     * later code doesn't have any surprising behaviour differences
     * for virtproxyd vs libvirtd.
     */
    if (act)
        ipsock = 0;
# endif /* ! LIBVIRTD */
452 453
#endif /* ! WITH_IP */

454 455
    if (config->unix_sock_group) {
        if (virGetGroupID(config->unix_sock_group, &unix_sock_gid) < 0)
456
            return ret;
457
    }
458

459 460
    if (virStrToLong_i(config->unix_sock_ro_perms, NULL, 8, &unix_sock_ro_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_ro_perms);
461
        goto cleanup;
462
    }
463

464 465
    if (virStrToLong_i(config->unix_sock_admin_perms, NULL, 8, &unix_sock_adm_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_admin_perms);
466
        goto cleanup;
467 468
    }

469 470
    if (virStrToLong_i(config->unix_sock_rw_perms, NULL, 8, &unix_sock_rw_mask) != 0) {
        VIR_ERROR(_("Failed to parse mode '%s'"), config->unix_sock_rw_perms);
471
        goto cleanup;
472
    }
473

474 475
    if (virNetServerAddServiceUNIX(srv,
                                   act,
476
                                   DAEMON_NAME ".socket",
477 478 479 480 481 482 483 484
                                   sock_path,
                                   unix_sock_rw_mask,
                                   unix_sock_gid,
                                   config->auth_unix_rw,
                                   NULL,
                                   false,
                                   config->max_queued_clients,
                                   config->max_client_requests) < 0)
485
        goto cleanup;
486 487 488
    if (sock_path_ro &&
        virNetServerAddServiceUNIX(srv,
                                   act,
489
                                   DAEMON_NAME "-ro.socket",
490 491 492 493 494 495 496 497
                                   sock_path_ro,
                                   unix_sock_ro_mask,
                                   unix_sock_gid,
                                   config->auth_unix_ro,
                                   NULL,
                                   true,
                                   config->max_queued_clients,
                                   config->max_client_requests) < 0)
498
        goto cleanup;
499

500 501 502
    if (sock_path_adm &&
        virNetServerAddServiceUNIX(srvAdm,
                                   act,
503
                                   DAEMON_NAME "-admin.socket",
504 505 506 507 508 509 510 511
                                   sock_path_adm,
                                   unix_sock_adm_mask,
                                   unix_sock_gid,
                                   REMOTE_AUTH_NONE,
                                   NULL,
                                   false,
                                   config->admin_max_queued_clients,
                                   config->admin_max_client_requests) < 0)
512
        goto cleanup;
513

514
#ifdef WITH_IP
515 516 517
    if (((ipsock && config->listen_tcp) || act) &&
        virNetServerAddServiceTCP(srv,
                                  act,
518
                                  DAEMON_NAME "-tcp.socket",
519 520 521 522 523 524 525 526 527
                                  config->listen_addr,
                                  config->tcp_port,
                                  AF_UNSPEC,
                                  config->auth_tcp,
                                  NULL,
                                  false,
                                  config->max_queued_clients,
                                  config->max_client_requests) < 0)
        goto cleanup;
528

529
    if (((ipsock && config->listen_tls) || (act && virSystemdActivationHasName(act, DAEMON_NAME "-tls.socket")))) {
530
        virNetTLSContextPtr ctxt = NULL;
531

532 533 534 535 536 537
        if (config->ca_file ||
            config->cert_file ||
            config->key_file) {
            if (!config->ca_file) {
                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                               _("No CA certificate path set to match server key/cert"));
538
                goto cleanup;
539 540 541 542
            }
            if (!config->cert_file) {
                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                               _("No server certificate path set to match server key"));
543
                goto cleanup;
544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563
            }
            if (!config->key_file) {
                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                               _("No server key path set to match server cert"));
                goto cleanup;
            }
            VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
                      config->ca_file, config->cert_file, config->key_file);
            if (!(ctxt = virNetTLSContextNewServer(config->ca_file,
                                                   config->crl_file,
                                                   config->cert_file,
                                                   config->key_file,
                                                   (const char *const*)config->tls_allowed_dn_list,
                                                   config->tls_priority,
                                                   config->tls_no_sanity_certificate ? false : true,
                                                   config->tls_no_verify_certificate ? false : true)))
                goto cleanup;
        } else {
            if (!(ctxt = virNetTLSContextNewServerPath(NULL,
                                                       !privileged,
564
                                                       (const char *const*)config->tls_allowed_dn_list,
565
                                                       config->tls_priority,
566
                                                       config->tls_no_sanity_certificate ? false : true,
567
                                                       config->tls_no_verify_certificate ? false : true)))
568
                goto cleanup;
569
        }
570

571 572 573 574
        VIR_DEBUG("Registering TLS socket %s:%s",
                  config->listen_addr, config->tls_port);
        if (virNetServerAddServiceTCP(srv,
                                      act,
575
                                      DAEMON_NAME "-tls.socket",
576 577 578 579 580 581 582 583
                                      config->listen_addr,
                                      config->tls_port,
                                      AF_UNSPEC,
                                      config->auth_tls,
                                      ctxt,
                                      false,
                                      config->max_queued_clients,
                                      config->max_client_requests) < 0) {
584
            virObjectUnref(ctxt);
585
            goto cleanup;
586
        }
587
        virObjectUnref(ctxt);
588
    }
589
#endif /* ! WITH_IP */
590

591 592 593 594
    if (act &&
        virSystemdActivationComplete(act) < 0)
        goto cleanup;

595
#if WITH_SASL
596 597 598
    if (virNetServerNeedsAuth(srv, REMOTE_AUTH_SASL) &&
        !(saslCtxt = virNetSASLContextNewServer(
              (const char *const*)config->sasl_allowed_username_list)))
599
        goto cleanup;
600
#endif
D
Daniel P. Berrange 已提交
601

602
    ret = 0;
603

604 605
 cleanup:
    return ret;
D
Daniel P. Berrange 已提交
606 607 608
}


609 610 611 612 613 614 615 616 617 618
/*
 * Set up the openvswitch timeout
 */
static void
daemonSetupNetDevOpenvswitch(struct daemonConfig *config)
{
    virNetDevOpenvswitchSetTimeout(config->ovs_timeout);
}


619 620
/*
 * Set up the logging environment
621
 * By default if daemonized all errors go to journald/a logfile
622
 * but if verbose or error debugging is asked for then also output
623
 * informational and debug messages. Default size if 64 kB.
624
 */
625
static int
626 627 628 629
daemonSetupLogging(struct daemonConfig *config,
                   bool privileged,
                   bool verbose,
                   bool godaemon)
630
{
631 632
    virLogReset();

633
    /*
634
     * Logging setup order of precedence is:
635 636
     * cmdline > environment > config
     *
637
     * Given the precedence, we must process the variables in the opposite
638
     * order, each one overriding the previous.
639
     */
640 641
    if (config->log_level != 0)
        virLogSetDefaultPriority(config->log_level);
642

643 644 645
    /* In case the config is empty, both filters and outputs will become empty,
     * however we can't start with empty outputs, thus we'll need to define and
     * setup a default one.
646 647 648
     */
    ignore_value(virLogSetFilters(config->log_filters));
    ignore_value(virLogSetOutputs(config->log_outputs));
649

650 651
    /* If there are some environment variables defined, use those instead */
    virLogSetFromEnv();
652

653 654 655 656 657 658
    /*
     * Command line override for --verbose
     */
    if ((verbose) && (virLogGetDefaultPriority() > VIR_LOG_INFO))
        virLogSetDefaultPriority(VIR_LOG_INFO);

659 660 661
    /* Define the default output. This is only applied if there was no setting
     * from either the config or the environment.
     */
662
    if (virLogSetDefaultOutput(DAEMON_NAME, godaemon, privileged) < 0)
663 664 665 666 667
        return -1;

    if (virLogGetNbOutputs() == 0)
        virLogSetOutputs(virLogGetDefaultOutput());

668 669 670
    return 0;
}

671

672 673 674 675 676
static int
daemonSetupAccessManager(struct daemonConfig *config)
{
    virAccessManagerPtr mgr;
    const char *none[] = { "none", NULL };
J
Ján Tomko 已提交
677
    const char **drv = (const char **)config->access_drivers;
678

J
Ján Tomko 已提交
679 680 681
    if (!drv ||
        !drv[0])
        drv = none;
682

J
Ján Tomko 已提交
683
    if (!(mgr = virAccessManagerNewStack(drv)))
684 685 686 687 688 689 690 691
        return -1;

    virAccessManagerSetDefault(mgr);
    virObjectUnref(mgr);
    return 0;
}


692 693
/* Display version information. */
static void
694
daemonVersion(const char *argv0)
695
{
696
    printf("%s (%s) %s\n", argv0, PACKAGE_NAME, PACKAGE_VERSION);
697 698
}

699

700
static void daemonShutdownHandler(virNetDaemonPtr dmn,
J
Ján Tomko 已提交
701 702
                                  siginfo_t *sig G_GNUC_UNUSED,
                                  void *opaque G_GNUC_UNUSED)
703
{
704
    virNetDaemonQuit(dmn);
705
}
706

J
Ján Tomko 已提交
707
static void daemonReloadHandlerThread(void *opague G_GNUC_UNUSED)
708 709 710 711 712 713 714 715
{
    VIR_INFO("Reloading configuration on SIGHUP");
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
                VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
    if (virStateReload() < 0)
        VIR_WARN("Error while reloading drivers");
}

J
Ján Tomko 已提交
716 717 718
static void daemonReloadHandler(virNetDaemonPtr dmn G_GNUC_UNUSED,
                                siginfo_t *sig G_GNUC_UNUSED,
                                void *opaque G_GNUC_UNUSED)
719
{
720 721
    virThread thr;

722 723 724 725 726
    if (!driversInitialized) {
        VIR_WARN("Drivers are not initialized, reload ignored");
        return;
    }

727 728 729 730 731 732
    if (virThreadCreate(&thr, false, daemonReloadHandlerThread, NULL) < 0) {
        /*
         * Not much we can do on error here except log it.
         */
        VIR_ERROR(_("Failed to create thread to handle daemon restart"));
    }
733 734
}

735
static int daemonSetupSignals(virNetDaemonPtr dmn)
736
{
737
    if (virNetDaemonAddSignalHandler(dmn, SIGINT, daemonShutdownHandler, NULL) < 0)
738
        return -1;
739
    if (virNetDaemonAddSignalHandler(dmn, SIGQUIT, daemonShutdownHandler, NULL) < 0)
740
        return -1;
741
    if (virNetDaemonAddSignalHandler(dmn, SIGTERM, daemonShutdownHandler, NULL) < 0)
742
        return -1;
743
    if (virNetDaemonAddSignalHandler(dmn, SIGHUP, daemonReloadHandler, NULL) < 0)
744
        return -1;
745 746
    return 0;
}
747

748 749 750

static void daemonInhibitCallback(bool inhibit, void *opaque)
{
751
    virNetDaemonPtr dmn = opaque;
752 753

    if (inhibit)
754
        virNetDaemonAddShutdownInhibition(dmn);
755
    else
756
        virNetDaemonRemoveShutdownInhibition(dmn);
757 758 759
}


760
#ifdef WITH_DBUS
761 762 763 764 765
static DBusConnection *sessionBus;
static DBusConnection *systemBus;

static void daemonStopWorker(void *opaque)
{
766
    virNetDaemonPtr dmn = opaque;
767

768
    VIR_DEBUG("Begin stop dmn=%p", dmn);
769 770 771

    ignore_value(virStateStop());

772
    VIR_DEBUG("Completed stop dmn=%p", dmn);
773

774
    /* Exit daemon cleanly */
775
    virNetDaemonQuit(dmn);
776 777 778 779
}


/* We do this in a thread to not block the main loop */
780
static void daemonStop(virNetDaemonPtr dmn)
781 782
{
    virThread thr;
783 784 785
    virObjectRef(dmn);
    if (virThreadCreate(&thr, false, daemonStopWorker, dmn) < 0)
        virObjectUnref(dmn);
786 787 788 789
}


static DBusHandlerResult
J
Ján Tomko 已提交
790
handleSessionMessageFunc(DBusConnection *connection G_GNUC_UNUSED,
791 792 793
                         DBusMessage *message,
                         void *opaque)
{
794
    virNetDaemonPtr dmn = opaque;
795

796
    VIR_DEBUG("dmn=%p", dmn);
797 798 799 800

    if (dbus_message_is_signal(message,
                               DBUS_INTERFACE_LOCAL,
                               "Disconnected"))
801
        daemonStop(dmn);
802 803 804 805 806 807

    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}


static DBusHandlerResult
J
Ján Tomko 已提交
808
handleSystemMessageFunc(DBusConnection *connection G_GNUC_UNUSED,
809 810 811
                        DBusMessage *message,
                        void *opaque)
{
812
    virNetDaemonPtr dmn = opaque;
813

814
    VIR_DEBUG("dmn=%p", dmn);
815 816 817 818

    if (dbus_message_is_signal(message,
                               "org.freedesktop.login1.Manager",
                               "PrepareForShutdown"))
819
        daemonStop(dmn);
820 821 822 823 824 825

    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}
#endif


826 827
static void daemonRunStateInit(void *opaque)
{
828
    virNetDaemonPtr dmn = opaque;
829
    g_autoptr(virIdentity) sysident = virIdentityGetSystem();
830 831 832 833 834
#ifdef MODULE_NAME
    bool mandatory = true;
#else /* ! MODULE_NAME */
    bool mandatory = false;
#endif /* ! MODULE_NAME */
835 836

    virIdentitySetCurrent(sysident);
837

838 839
    /* Since driver initialization can take time inhibit daemon shutdown until
       we're done so clients get a chance to connect */
840
    daemonInhibitCallback(true, dmn);
841

842
    /* Start the stateful HV drivers
E
Eric Blake 已提交
843
     * This is deliberately done after telling the parent process
844 845
     * we're ready, since it can take a long time and this will
     * seriously delay OS bootup process */
846
    if (virStateInitialize(virNetDaemonIsPrivileged(dmn),
847
                           mandatory,
848
                           daemonInhibitCallback,
849
                           dmn) < 0) {
850
        VIR_ERROR(_("Driver state initialization failed"));
851 852
        /* Ensure the main event loop quits */
        kill(getpid(), SIGTERM);
853
        goto cleanup;
854 855
    }

856 857
    driversInitialized = true;

858
#ifdef WITH_DBUS
859
    /* Tie the non-privileged daemons to the session/shutdown lifecycle */
860
    if (!virNetDaemonIsPrivileged(dmn)) {
861 862 863 864

        sessionBus = virDBusGetSessionBus();
        if (sessionBus != NULL)
            dbus_connection_add_filter(sessionBus,
865
                                       handleSessionMessageFunc, dmn, NULL);
866 867 868 869

        systemBus = virDBusGetSystemBus();
        if (systemBus != NULL) {
            dbus_connection_add_filter(systemBus,
870
                                       handleSystemMessageFunc, dmn, NULL);
871 872 873 874 875 876
            dbus_bus_add_match(systemBus,
                               "type='signal',sender='org.freedesktop.login1', interface='org.freedesktop.login1.Manager'",
                               NULL);
        }
    }
#endif
877
    /* Only now accept clients from network */
878
    virNetDaemonUpdateServices(dmn, true);
879
 cleanup:
880 881
    daemonInhibitCallback(false, dmn);
    virObjectUnref(dmn);
882
    virIdentitySetCurrent(NULL);
883
}
884

885
static int daemonStateInit(virNetDaemonPtr dmn)
886 887
{
    virThread thr;
888 889 890
    virObjectRef(dmn);
    if (virThreadCreate(&thr, false, daemonRunStateInit, dmn) < 0) {
        virObjectUnref(dmn);
891 892
        return -1;
    }
893 894 895
    return 0;
}

896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928
static int
daemonSetupHostUUID(const struct daemonConfig *config)
{
    static const char *machine_id = "/etc/machine-id";
    char buf[VIR_UUID_STRING_BUFLEN];
    const char *uuid;

    if (config->host_uuid) {
        uuid = config->host_uuid;
    } else if (!config->host_uuid_source ||
               STREQ(config->host_uuid_source, "smbios")) {
        /* smbios UUID is fetched on demand in virGetHostUUID */
        return 0;
    } else if (STREQ(config->host_uuid_source, "machine-id")) {
        if (virFileReadBufQuiet(machine_id, buf, sizeof(buf)) < 0) {
            VIR_ERROR(_("Can't read %s"), machine_id);
            return -1;
        }

        uuid = buf;
    } else {
        VIR_ERROR(_("invalid UUID source: %s"), config->host_uuid_source);
        return -1;
    }

    if (virSetHostUUIDStr(uuid)) {
        VIR_ERROR(_("invalid host UUID: %s"), uuid);
        return -1;
    }

    return 0;
}

929 930 931 932 933
typedef struct {
    const char *opts;
    const char *help;
} virOptionHelp;

934 935
/* Print command-line usage. */
static void
936
daemonUsage(const char *argv0, bool privileged)
937
{
938 939 940 941 942
    size_t i;
    virOptionHelp opthelp[] = {
        { "-h | --help", N_("Display program help") },
        { "-v | --verbose", N_("Verbose messages") },
        { "-d | --daemon", N_("Run as a daemon & write PID file") },
943
#if defined(WITH_IP) && defined(LIBVIRTD)
944
        { "-l | --listen", N_("Listen for TCP/IP connections") },
945
#endif /* !(WITH_IP && LIBVIRTD) */
946 947 948 949 950 951 952 953 954 955 956 957
        { "-t | --timeout <secs>", N_("Exit after timeout period") },
        { "-f | --config <file>", N_("Configuration file") },
        { "-V | --version", N_("Display version information") },
        { "-p | --pid-file <file>", N_("Change name of PID file") },
    };

    fprintf(stderr, "\n");
    fprintf(stderr, "%s\n", _("Usage:"));
    fprintf(stderr, "  %s [%s]\n", argv0, _("options"));
    fprintf(stderr, "\n");

    fprintf(stderr, "%s\n", _("Options:"));
958
    for (i = 0; i < G_N_ELEMENTS(opthelp); i++)
959 960 961 962 963 964 965 966 967 968 969
        fprintf(stderr, "  %-22s %s\n", opthelp[i].opts,
                _(opthelp[i].help));
    fprintf(stderr, "\n");

    fprintf(stderr, "%s\n", _("libvirt management daemon:"));

    fprintf(stderr, "\n");
    fprintf(stderr, "  %s\n", _("Default paths:"));
    fprintf(stderr, "\n");

    fprintf(stderr, "    %s\n", _("Configuration file (unless overridden by -f):"));
970 971
    fprintf(stderr, "      %s/libvirt/%s.conf\n",
            privileged ? SYSCONFDIR : "$XDG_CONFIG_HOME", DAEMON_NAME);
972 973 974 975
    fprintf(stderr, "\n");

    fprintf(stderr, "    %s\n", _("Sockets:"));
    fprintf(stderr, "      %s/libvirt/%s-sock\n",
976
            privileged ? RUNSTATEDIR : "$XDG_RUNTIME_DIR",
977 978
            SOCK_PREFIX);
    if (privileged)
979 980
        fprintf(stderr, "      %s/libvirt/%s-sock-ro\n",
                RUNSTATEDIR, SOCK_PREFIX);
981 982
    fprintf(stderr, "\n");

983
#ifdef WITH_IP
984 985 986 987 988 989 990 991 992 993 994
    fprintf(stderr, "    %s\n", _("TLS:"));
    fprintf(stderr, "      %s %s\n",
            _("CA certificate:"),
            privileged ? LIBVIRT_CACERT : "$HOME/.pki/libvirt/cacert.pem");
    fprintf(stderr, "      %s %s\n",
            _("Server certificate:"),
            privileged ? LIBVIRT_SERVERCERT : "$HOME/.pki/libvirt/servercert.pem");
    fprintf(stderr, "      %s %s\n",
            _("Server private key:"),
            privileged ? LIBVIRT_SERVERKEY : "$HOME/.pki/libvirt/serverkey.pem");
    fprintf(stderr, "\n");
995
#endif /* ! WITH_IP */
996 997 998

    fprintf(stderr, "    %s\n",
            _("PID file (unless overridden by -p):"));
999
    fprintf(stderr, "      %s/%s.pid\n",
1000
            privileged ? RUNSTATEDIR : "$XDG_RUNTIME_DIR/libvirt",
1001
            DAEMON_NAME);
1002
    fprintf(stderr, "\n");
1003 1004
}

D
Daniel P. Berrange 已提交
1005
int main(int argc, char **argv) {
1006
    virNetDaemonPtr dmn = NULL;
1007
    virNetServerPtr srv = NULL;
1008
    virNetServerPtr srvAdm = NULL;
1009 1010
    virNetServerProgramPtr adminProgram = NULL;
    virNetServerProgramPtr lxcProgram = NULL;
1011
    char *remote_config_file = NULL;
1012
    int statuswrite = -1;
1013
    int ret = 1;
1014
    int pid_file_fd = -1;
1015 1016 1017
    char *pid_file = NULL;
    char *sock_file = NULL;
    char *sock_file_ro = NULL;
1018
    char *sock_file_adm = NULL;
1019 1020 1021
    int timeout = -1;        /* -t: Shutdown timeout */
    int verbose = 0;
    int godaemon = 0;
1022
#ifdef WITH_IP
1023
# ifdef LIBVIRTD
1024
    int ipsock = 0;
1025 1026 1027
# else /* ! LIBVIRTD */
    int ipsock = 1; /* listen_tcp/listen_tls default to 0 */
# endif /* ! LIBVIRTD */
1028
#endif /* ! WITH_IP */
1029 1030
    struct daemonConfig *config;
    bool privileged = geteuid() == 0 ? true : false;
1031
    bool implicit_conf = false;
1032 1033
    char *run_dir = NULL;
    mode_t old_umask;
D
Daniel P. Berrange 已提交
1034 1035

    struct option opts[] = {
1036 1037
        { "verbose", no_argument, &verbose, 'v'},
        { "daemon", no_argument, &godaemon, 'd'},
1038
#if defined(WITH_IP) && defined(LIBVIRTD)
1039
        { "listen", no_argument, &ipsock, 'l'},
1040
#endif /* !(WITH_IP && LIBVIRTD) */
1041
        { "config", required_argument, NULL, 'f'},
1042 1043
        { "timeout", required_argument, NULL, 't'},
        { "pid-file", required_argument, NULL, 'p'},
1044 1045
        { "version", no_argument, NULL, 'V' },
        { "help", no_argument, NULL, 'h' },
D
Daniel P. Berrange 已提交
1046 1047 1048
        {0, 0, 0, 0}
    };

1049
    if (virGettextInitialize() < 0 ||
E
Eric Blake 已提交
1050
        virInitialize() < 0) {
1051
        fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
E
Eric Blake 已提交
1052
        exit(EXIT_FAILURE);
1053
    }
D
Daniel P. Berrange 已提交
1054

1055 1056
    virUpdateSelfLastChanged(argv[0]);

1057
    virFileActivateDirOverrideForProg(argv[0]);
1058

D
Daniel P. Berrange 已提交
1059 1060 1061 1062
    while (1) {
        int optidx = 0;
        int c;
        char *tmp;
1063
#if defined(WITH_IP) && defined(LIBVIRTD)
1064
        const char *optstr = "ldf:p:t:vVh";
1065
#else /* !(WITH_IP && LIBVIRTD) */
1066
        const char *optstr = "df:p:t:vVh";
1067
#endif /* !(WITH_IP && LIBVIRTD) */
D
Daniel P. Berrange 已提交
1068

1069
        c = getopt_long(argc, argv, optstr, opts, &optidx);
D
Daniel P. Berrange 已提交
1070

1071
        if (c == -1)
D
Daniel P. Berrange 已提交
1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083
            break;

        switch (c) {
        case 0:
            /* Got one of the flags */
            break;
        case 'v':
            verbose = 1;
            break;
        case 'd':
            godaemon = 1;
            break;
1084

1085
#if defined(WITH_IP) && defined(LIBVIRTD)
1086 1087
        case 'l':
            ipsock = 1;
D
Daniel P. Berrange 已提交
1088
            break;
1089
#endif /* !(WITH_IP && LIBVIRTD) */
D
Daniel P. Berrange 已提交
1090 1091

        case 't':
1092
            if (virStrToLong_i(optarg, &tmp, 10, &timeout) != 0
1093 1094
                || timeout <= 0
                /* Ensure that we can multiply by 1000 without overflowing.  */
1095 1096 1097 1098
                || timeout > INT_MAX / 1000) {
                VIR_ERROR(_("Invalid value for timeout"));
                exit(EXIT_FAILURE);
            }
D
Daniel P. Berrange 已提交
1099
            break;
1100 1101

        case 'p':
1102
            VIR_FREE(pid_file);
1103
            if (VIR_STRDUP_QUIET(pid_file, optarg) < 0) {
1104
                VIR_ERROR(_("Can't allocate memory"));
1105
                exit(EXIT_FAILURE);
1106
            }
1107 1108 1109
            break;

        case 'f':
1110
            VIR_FREE(remote_config_file);
1111
            if (VIR_STRDUP_QUIET(remote_config_file, optarg) < 0) {
1112
                VIR_ERROR(_("Can't allocate memory"));
1113
                exit(EXIT_FAILURE);
1114
            }
1115 1116
            break;

1117
        case 'V':
1118
            daemonVersion(argv[0]);
1119
            exit(EXIT_SUCCESS);
1120

1121
        case 'h':
1122
            daemonUsage(argv[0], privileged);
1123
            exit(EXIT_SUCCESS);
D
Daniel P. Berrange 已提交
1124

1125
        case '?':
D
Daniel P. Berrange 已提交
1126
        default:
1127
            daemonUsage(argv[0], privileged);
1128
            exit(EXIT_FAILURE);
D
Daniel P. Berrange 已提交
1129 1130 1131
        }
    }

1132 1133 1134 1135 1136 1137
    if (optind != argc) {
        fprintf(stderr, "%s: unexpected, non-option, command line arguments\n",
                argv[0]);
        exit(EXIT_FAILURE);
    }

1138 1139
    if (!(config = daemonConfigNew(privileged))) {
        VIR_ERROR(_("Can't create initial configuration"));
1140
        exit(EXIT_FAILURE);
1141
    }
1142 1143

    /* No explicit config, so try and find a default one */
1144 1145 1146
    if (remote_config_file == NULL) {
        implicit_conf = true;
        if (daemonConfigFilePath(privileged,
1147 1148
                                 &remote_config_file) < 0) {
            VIR_ERROR(_("Can't determine config path"));
1149
            exit(EXIT_FAILURE);
1150
        }
1151
    }
1152 1153 1154

    /* Read the config file if it exists*/
    if (remote_config_file &&
1155
        daemonConfigLoadFile(config, remote_config_file, implicit_conf) < 0) {
1156 1157
        VIR_ERROR(_("Can't load config file: %s: %s"),
                  virGetLastErrorMessage(), remote_config_file);
1158
        exit(EXIT_FAILURE);
1159
    }
1160

1161 1162
    if (daemonSetupHostUUID(config) < 0) {
        VIR_ERROR(_("Can't setup host uuid"));
1163
        exit(EXIT_FAILURE);
1164 1165
    }

1166 1167
    if (daemonSetupLogging(config, privileged, verbose, godaemon) < 0) {
        VIR_ERROR(_("Can't initialize logging"));
1168
        exit(EXIT_FAILURE);
1169
    }
1170

1171 1172
    daemonSetupNetDevOpenvswitch(config);

1173 1174 1175 1176 1177
    if (daemonSetupAccessManager(config) < 0) {
        VIR_ERROR(_("Can't initialize access manager"));
        exit(EXIT_FAILURE);
    }

1178
    if (!pid_file &&
1179
        virPidFileConstructPath(privileged,
1180
                                RUNSTATEDIR,
1181
                                DAEMON_NAME,
1182
                                &pid_file) < 0) {
1183
        VIR_ERROR(_("Can't determine pid file path."));
1184
        exit(EXIT_FAILURE);
1185
    }
1186
    VIR_DEBUG("Decided on pid file path '%s'", NULLSTR(pid_file));
1187 1188 1189 1190

    if (daemonUnixSocketPaths(config,
                              privileged,
                              &sock_file,
1191 1192
                              &sock_file_ro,
                              &sock_file_adm) < 0) {
1193
        VIR_ERROR(_("Can't determine socket paths"));
1194
        exit(EXIT_FAILURE);
1195
    }
1196 1197 1198 1199
    VIR_DEBUG("Decided on socket paths '%s', '%s' and '%s'",
              sock_file,
              NULLSTR(sock_file_ro),
              NULLSTR(sock_file_adm));
1200

1201
    if (godaemon) {
1202
        char ebuf[1024];
1203 1204 1205 1206

        if (chdir("/") < 0) {
            VIR_ERROR(_("cannot change to root directory: %s"),
                      virStrerror(errno, ebuf, sizeof(ebuf)));
1207
            goto cleanup;
1208 1209
        }

1210
        if ((statuswrite = daemonForkIntoBackground(argv[0])) < 0) {
1211
            VIR_ERROR(_("Failed to fork as daemon: %s"),
1212
                      virStrerror(errno, ebuf, sizeof(ebuf)));
1213
            goto cleanup;
1214 1215 1216
        }
    }

1217 1218 1219 1220 1221 1222
    /* Try to claim the pidfile, exiting if we can't */
    if ((pid_file_fd = virPidFileAcquirePath(pid_file, false, getpid())) < 0) {
        ret = VIR_DAEMON_ERR_PIDFILE;
        goto cleanup;
    }

J
John Levon 已提交
1223
    /* Ensure the rundir exists (on tmpfs on some systems) */
1224
    if (privileged) {
1225
        if (VIR_STRDUP_QUIET(run_dir, RUNSTATEDIR "/libvirt") < 0) {
1226 1227 1228
            VIR_ERROR(_("Can't allocate memory"));
            goto cleanup;
        }
1229
    } else {
1230
        run_dir = virGetUserRuntimeDirectory();
1231

1232
        if (!run_dir) {
1233 1234
            VIR_ERROR(_("Can't determine user directory"));
            goto cleanup;
J
John Levon 已提交
1235 1236
        }
    }
1237 1238 1239 1240
    if (privileged)
        old_umask = umask(022);
    else
        old_umask = umask(077);
1241
    VIR_DEBUG("Ensuring run dir '%s' exists", run_dir);
1242 1243 1244 1245 1246 1247 1248 1249
    if (virFileMakePath(run_dir) < 0) {
        char ebuf[1024];
        VIR_ERROR(_("unable to create rundir %s: %s"), run_dir,
                  virStrerror(errno, ebuf, sizeof(ebuf)));
        ret = VIR_DAEMON_ERR_RUNDIR;
        goto cleanup;
    }
    umask(old_umask);
J
John Levon 已提交
1250

1251 1252 1253 1254 1255
    if (virNetlinkStartup() < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1256
    if (!(dmn = virNetDaemonNew())) {
1257
        ret = VIR_DAEMON_ERR_DRIVER;
1258 1259 1260
        goto cleanup;
    }

1261
    if (!(srv = virNetServerNew(DAEMON_NAME, 1,
1262
                                config->min_workers,
1263
                                config->max_workers,
1264
                                config->prio_workers,
1265
                                config->max_clients,
1266
                                config->max_anonymous_clients,
1267 1268
                                config->keepalive_interval,
                                config->keepalive_count,
1269
                                remoteClientNew,
1270
                                NULL,
1271
                                remoteClientFree,
1272
                                NULL))) {
1273 1274 1275 1276
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1277
    if (virNetDaemonAddServer(dmn, srv) < 0) {
1278 1279 1280 1281
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1282 1283 1284 1285
    if (daemonInitialize() < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
1286

1287 1288 1289 1290 1291 1292 1293 1294 1295
    remoteProcs[REMOTE_PROC_AUTH_LIST].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_INIT].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_STEP].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_SASL_START].needAuth = false;
    remoteProcs[REMOTE_PROC_AUTH_POLKIT].needAuth = false;
    if (!(remoteProgram = virNetServerProgramNew(REMOTE_PROGRAM,
                                                 REMOTE_PROTOCOL_VERSION,
                                                 remoteProcs,
                                                 remoteNProcs))) {
1296
        ret = VIR_DAEMON_ERR_INIT;
1297 1298 1299 1300 1301
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, remoteProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1302
    }
1303

1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315
    if (!(lxcProgram = virNetServerProgramNew(LXC_PROGRAM,
                                              LXC_PROTOCOL_VERSION,
                                              lxcProcs,
                                              lxcNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, lxcProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1316 1317 1318 1319 1320 1321 1322 1323 1324 1325
    if (!(qemuProgram = virNetServerProgramNew(QEMU_PROGRAM,
                                               QEMU_PROTOCOL_VERSION,
                                               qemuProcs,
                                               qemuNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srv, qemuProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1326
    }
1327

1328
    if (!(srvAdm = virNetServerNew("admin", 1,
1329
                                   config->admin_min_workers,
1330 1331 1332 1333 1334 1335
                                   config->admin_max_workers,
                                   0,
                                   config->admin_max_clients,
                                   0,
                                   config->admin_keepalive_interval,
                                   config->admin_keepalive_count,
1336
                                   remoteAdmClientNew,
1337
                                   NULL,
1338
                                   remoteAdmClientFree,
1339 1340 1341 1342 1343
                                   dmn))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1344
    if (virNetDaemonAddServer(dmn, srvAdm) < 0) {
1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

    if (!(adminProgram = virNetServerProgramNew(ADMIN_PROGRAM,
                                                ADMIN_PROTOCOL_VERSION,
                                                adminProcs,
                                                adminNProcs))) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }
    if (virNetServerAddProgram(srvAdm, adminProgram) < 0) {
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
    }

1361 1362
    if (timeout != -1) {
        VIR_DEBUG("Registering shutdown timeout %d", timeout);
1363
        virNetDaemonAutoShutdown(dmn, timeout);
1364
    }
1365

1366
    if ((daemonSetupSignals(dmn)) < 0) {
1367 1368
        ret = VIR_DAEMON_ERR_SIGNAL;
        goto cleanup;
1369
    }
D
Daniel P. Berrange 已提交
1370

1371
    if (config->audit_level) {
1372
        VIR_DEBUG("Attempting to configure auditing subsystem");
1373
        if (virAuditOpen(config->audit_level) < 0) {
1374
            if (config->audit_level > 1) {
1375
                ret = VIR_DAEMON_ERR_AUDIT;
1376
                goto cleanup;
1377
            }
1378
            VIR_DEBUG("Proceeding without auditing");
1379 1380
        }
    }
E
Eric Blake 已提交
1381
    virAuditLog(config->audit_logging > 0);
1382

1383
    /* setup the hooks if any */
1384
    if (virHookInitialize() < 0) {
1385
        ret = VIR_DAEMON_ERR_HOOKS;
1386
        goto cleanup;
1387 1388
    }

1389
    /* Disable error func, now logging is setup */
1390
    virSetErrorFunc(NULL, daemonErrorHandler);
1391
    virSetErrorLogPriorityFunc(daemonErrorLogFilter);
1392

1393 1394 1395 1396 1397 1398
    /*
     * Call the daemon startup hook
     * TODO: should we abort the daemon startup if the script returned
     *       an error ?
     */
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_START,
1399
                0, "start", NULL, NULL);
1400

1401 1402
    if (daemonSetupNetworking(srv, srvAdm,
                              config,
1403 1404 1405 1406
#ifdef WITH_IP
                              ipsock,
                              privileged,
#endif /* !WITH_IP */
1407 1408
                              sock_file,
                              sock_file_ro,
1409
                              sock_file_adm) < 0) {
1410
        ret = VIR_DAEMON_ERR_NETWORK;
1411
        goto cleanup;
1412 1413
    }

1414 1415 1416 1417 1418 1419
    /* Tell parent of daemon that basic initialization is complete
     * In particular we're ready to accept net connections & have
     * written the pidfile
     */
    if (statuswrite != -1) {
        char status = 0;
1420
        ignore_value(safewrite(statuswrite, &status, 1));
1421
        VIR_FORCE_CLOSE(statuswrite);
1422 1423
    }

1424
    /* Initialize drivers & then start accepting new clients from network */
1425
    if (daemonStateInit(dmn) < 0) {
1426 1427
        ret = VIR_DAEMON_ERR_INIT;
        goto cleanup;
1428
    }
D
Daniel P. Berrange 已提交
1429

1430
#if defined(__linux__) && defined(NETLINK_ROUTE)
1431 1432
    /* Register the netlink event service for NETLINK_ROUTE */
    if (virNetlinkEventServiceStart(NETLINK_ROUTE, 0) < 0) {
1433 1434 1435
        ret = VIR_DAEMON_ERR_NETWORK;
        goto cleanup;
    }
1436
#endif
1437

1438
#if defined(__linux__) && defined(NETLINK_KOBJECT_UEVENT)
T
Tang Chen 已提交
1439 1440 1441 1442 1443
    /* Register the netlink event service for NETLINK_KOBJECT_UEVENT */
    if (virNetlinkEventServiceStart(NETLINK_KOBJECT_UEVENT, 1) < 0) {
        ret = VIR_DAEMON_ERR_NETWORK;
        goto cleanup;
    }
1444
#endif
T
Tang Chen 已提交
1445

1446
    /* Run event loop. */
1447
    virNetDaemonRun(dmn);
1448

1449 1450
    ret = 0;

1451
    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_SHUTDOWN,
1452
                0, "shutdown", NULL, NULL);
1453

1454
 cleanup:
1455 1456 1457
    /* Keep cleanup order in inverse order of startup */
    virNetDaemonClose(dmn);

1458
    virNetlinkEventServiceStopAll();
1459 1460 1461 1462 1463 1464 1465 1466

    if (driversInitialized) {
        /* NB: Possible issue with timing window between driversInitialized
         * setting if virNetlinkEventServerStart fails */
        driversInitialized = false;
        virStateCleanup();
    }

1467 1468
    virObjectUnref(adminProgram);
    virObjectUnref(srvAdm);
1469 1470 1471 1472 1473 1474
    virObjectUnref(qemuProgram);
    virObjectUnref(lxcProgram);
    virObjectUnref(remoteProgram);
    virObjectUnref(srv);
    virObjectUnref(dmn);

1475
    virNetlinkShutdown();
1476 1477 1478 1479 1480 1481

    if (pid_file_fd != -1)
        virPidFileReleasePath(pid_file, pid_file_fd);

    VIR_FREE(run_dir);

1482 1483 1484 1485
    if (statuswrite != -1) {
        if (ret != 0) {
            /* Tell parent of daemon what failed */
            char status = ret;
1486
            ignore_value(safewrite(statuswrite, &status, 1));
1487
        }
1488
        VIR_FORCE_CLOSE(statuswrite);
1489
    }
1490 1491 1492

    VIR_FREE(sock_file);
    VIR_FREE(sock_file_ro);
1493
    VIR_FREE(sock_file_adm);
1494

1495
    VIR_FREE(pid_file);
1496

1497
    VIR_FREE(remote_config_file);
1498 1499
    daemonConfigFree(config);

1500
    return ret;
D
Daniel P. Berrange 已提交
1501
}