X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=5af89c9b3238560e064d51fff46795ddb2a8e4bd;hb=3125b3ef5db70d45882c7d6f617705802c5f939e;hp=ae09f936f56b1f0cd7b62b7062aa26ee277ed445;hpb=249968612f16a71df909d6e73785c18a9ff36a65;p=elogind.git
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ae09f936f..5af89c9b3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1606,9 +1606,10 @@ static int reset_audit_loginuid(void) {
 return 0;
 }
-#define HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
+#define HOST_HASH_KEY SD_ID128_MAKE(1a,37,6f,c7,46,ec,45,0b,ad,a3,d5,31,06,60,5d,b1)
+#define CONTAINER_HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
-static int get_mac(struct ether_addr *mac) {
+static int generate_mac(struct ether_addr *mac, sd_id128_t hash_key) {
 int r;
 uint8_t result[8];
@@ -1630,7 +1631,7 @@ static int get_mac(struct ether_addr *mac) {
 /* Let's hash the host machine ID plus the container name. We
 * use a fixed, but originally randomly created hash key here. */
- siphash24(result, v, sz, HASH_KEY.bytes);
+ siphash24(result, v, sz, hash_key.bytes);
 assert_cc(ETH_ALEN <= sizeof(result));
 memcpy(mac->ether_addr_octet, result, ETH_ALEN);
@@ -1645,7 +1646,7 @@ static int get_mac(struct ether_addr *mac) {
 static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) {
 _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
 _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
- struct ether_addr mac;
+ struct ether_addr mac_host, mac_container;
 int r, i;
 if (!arg_private_network)
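Review bot: The two key macros and the new `hash_key` parameter of `generate_mac()` are undocumented, and the comment kept in the -1630 hunk still says "We use a fixed ... hash key here" although the key is now chosen by the caller. `CONTAINER_HASH_KEY` carries the bytes of the old `HASH_KEY`, which presumably keeps container-side addresses stable across this change, so it should say so to stop anyone regenerating it. I would add above the defines `/* Fixed, public keys that only separate the host-side and container-side MAC derivations; CONTAINER_HASH_KEY must keep its value so existing container MACs do not change. */` and reword the inner comment to "hashed with the caller-supplied key". Both keys are compile-time constants, so the derived addresses are predictable by design and must not be treated as secret. Most of generate_mac's body lies outside these hunks.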
@@ -1659,9 +1660,15 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) { snprintf(iface_name, IFNAMSIZ, "%s-%s", arg_network_bridge ? "vb" : "ve", arg_machine); - r = get_mac(&mac); + r = generate_mac(&mac_container, CONTAINER_HASH_KEY); if (r < 0) { - log_error("Failed to generate predictable MAC address for host0"); + log_error("Failed to generate predictable MAC address for container side"); + return r; + } + + r = generate_mac(&mac_host, HOST_HASH_KEY); + if (r < 0) { + log_error("Failed to generate predictable MAC address for host side"); return r; } @@ -1683,6 +1690,12 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) { return r; } + r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac_host); + if (r < 0) { + log_error("Failed to add netlink MAC address: %s", strerror(-r)); + return r; + } + r = sd_rtnl_message_open_container(m, IFLA_LINKINFO); if (r < 0) { log_error("Failed to open netlink container: %s", strerror(-r)); @@ -1707,7 +1720,7 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ], int *ifi) { return r; } - r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac); + r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac_container); if (r < 0) { log_error("Failed to add netlink MAC address: %s", strerror(-r)); return r; @@ -1873,7 +1886,7 @@ static int move_network_interfaces(pid_t pid) { if (ifi < 0) return ifi; - r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, ifi); + r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, ifi); if (r < 0) { log_error("Failed to allocate netlink message: %s", strerror(-r)); return r; @@ -3058,7 +3071,9 @@ int main(int argc, char *argv[]) { goto finish; } - sd_notify(0, "READY=1"); + sd_notify(false, + "READY=1\n" + "STATUS=Container running."); assert_se(sigemptyset(&mask) == 0); assert_se(sigemptyset(&mask_chld) == 0); 
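Review bot: Both new `log_error()` calls after `generate_mac()` drop the error code, while every other failure path visible in `setup_veth()` logs `strerror(-r)`. Assuming `generate_mac()` returns a negative errno like those calls do, use `log_error("Failed to generate predictable MAC address for container side: %s", strerror(-r));` and the same form for the host side. setup_veth's body extends beyond this hunk.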
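Review bot: The added `IFLA_ADDRESS` append for `mac_host` in the -1683 hunk logs `"Failed to add netlink MAC address: %s"`, the same text the container-side append uses in the -1707 hunk. A failure therefore cannot be attributed to one end of the veth pair from the log alone. I would word this one `log_error("Failed to add netlink host-side MAC address: %s", strerror(-r));` and give the container-side call a matching message.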
@@ -3141,9 +3156,7 @@ int main(int argc, char *argv[]) {
 kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
 reset_all_signal_handlers();
-
- assert_se(sigemptyset(&mask) == 0);
- assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
+ reset_signal_mask();
 k = open_terminal(console, O_RDWR);
 if (k != STDIN_FILENO) {
@@ -3491,6 +3504,10 @@ int main(int argc, char *argv[]) {
 }
 finish:
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Terminating...");
+
 loop_remove(loop_nr, &image_fd);
 if (pid > 0)
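Review bot: `reset_signal_mask();` in the -3141 hunk discards its result, whereas the two removed lines wrapped `sigemptyset()` and `sigprocmask()` in `assert_se()`, so a failure to clear the mask was fatal before and is silent now. This runs on the path that goes on to open the container's console, so a mask left blocked would presumably be inherited by the payload. If `reset_signal_mask()` returns 0 on success (its definition is not in this diff), keep the old guarantee with `assert_se(reset_signal_mask() == 0);`. main's body continues outside the hunk.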