openeuler-stratovirt
/
vhost_user_fs
/
src
/
main.rs

// Copyright (c) 2022 Huawei Technologies Co.,Ltd. All rights reserved.
//
// StratoVirt is licensed under Mulan PSL v2.
// You can use this software according to the terms and conditions of the Mulan
// PSL v2.
// You may obtain a copy of Mulan PSL v2 at:
//         http://license.coscl.org.cn/MulanPSL2
// THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY
// KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
// NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
// See the Mulan PSL v2 for more details.

use anyhow::{bail, Context, Result};
use log::{error, info};
use machine_manager::event_loop::EventLoop;
use machine_manager::signal_handler;
use std::collections::HashSet;
use std::io::Write;
use std::os::unix::fs::OpenOptionsExt;
use std::sync::{Arc, Mutex};
use thiserror::Error;
use util::arg_parser::ArgMatches;
use util::{arg_parser, logger};
use vhost_user_fs::cmdline::{create_args_parser, create_fs_config, FsConfig};
use vhost_user_fs::sandbox::Sandbox;
use vhost_user_fs::securecomputing::{seccomp_filter, string_to_seccompopt, SeccompOpt};
use vhost_user_fs::vhost_user_fs::VhostUserFs;

#[derive(Error, Debug)]
pub enum MainError {
    #[error("VhostUserFs")]
    VhostUserFs {
        #[from]
        source: vhost_user_fs::error::VhostUserFsError,
    },
    #[error("Util")]
    Util {
        #[from]
        source: util::error::UtilError,
    },
    #[error("Io")]
    Io {
        #[from]
        source: std::io::Error,
    },
}

pub trait ExitCode {
    /// Returns the value to use as the exit status.
    fn code(self) -> i32;
}

impl ExitCode for i32 {
    fn code(self) -> i32 {
        self
    }
}

impl ExitCode for () {
    fn code(self) -> i32 {
        0
    }
}

fn main() {
    ::std::process::exit(match run() {
        Ok(ret) => ExitCode::code(ret),
        Err(ref e) => {
            write!(&mut ::std::io::stderr(), "{}", format!("{:?}\r\n", e))
                .expect("Error writing to stderr");

            1
        }
    });
}

fn parse_capabilities(cmd_args: &arg_parser::ArgMatches) -> Result<HashSet<String>> {
    let mut add_caps = HashSet::new();

    add_caps.insert("CHOWN".to_string());
    add_caps.insert("DAC_OVERRIDE".to_string());
    add_caps.insert("FOWNER".to_string());
    add_caps.insert("FSETID".to_string());
    add_caps.insert("SETGID".to_string());
    add_caps.insert("SETUID".to_string());
    add_caps.insert("MKNOD".to_string());
    add_caps.insert("SETFCAP".to_string());

    if let Some(capabilities_str) = cmd_args.value_of("modcaps") {
        let cut = &capabilities_str;
        for s in cut.split(',').map(str::to_string) {
            if s.is_empty() {
                bail!("empty capability");
            }
            let (addorsub, capability_literal) = s.split_at(1);
            let capability = capability_literal.to_uppercase().to_string();
            if capng::name_to_capability(capability.as_str()).is_err() {
                bail!("invalid capability {}", s);
            }
            match addorsub {
                "+" => {
                    info!("add capability:{}", &capability);
                    add_caps.insert(capability);
                }
                "-" => {
                    info!("del capability:{}", &capability);
                    add_caps.remove(&capability);
                }
                _ => bail!("The first char before capability name must be + or - "),
            }
        }
    }
    Ok(add_caps)
}

fn run() -> Result<()> {
    let cmd_args = create_args_parser().get_matches()?;

    if let Some(logfile_path) = cmd_args.value_of("display log") {
        init_log(logfile_path)?;
    }
    signal_handler::register_kill_signal();
    set_panic_hook();
    match real_main(&cmd_args) {
        Ok(()) => info!("EventLoop over, Vm exit"),
        Err(ref e) => {
            error!("{:?}", e);
        }
    }

    Ok(())
}

fn real_main(cmd_args: &arg_parser::ArgMatches) -> Result<()> {
    let mut fsconfig: FsConfig = create_fs_config(cmd_args)?;
    info!("FsConfig is {:?}", fsconfig);

    let source_dir = cmd_args.value_of("source dir").unwrap();
    let mut sandbox = Sandbox::new(source_dir);
    if let Some(sandbox_value) = cmd_args.value_of("sandbox") {
        match sandbox_value.as_str() {
            "chroot" => sandbox.enable_chroot(),
            "namespace" => sandbox.enable_namespace(),
            _ => Ok(()),
        }?;
    };
    if sandbox.proc_self_fd.is_some() {
        fsconfig.proc_dir_opt = sandbox.proc_self_fd;
    }

    if let Some(seccomp) = cmd_args.value_of("seccomp") {
        let seccomp_opt = string_to_seccompopt(seccomp);
        match seccomp_opt {
            SeccompOpt::Allow => {}
            _ => seccomp_filter(seccomp_opt).unwrap(),
        }
    }
    update_capabilities(cmd_args)?;
    EventLoop::object_init(&None)?;

    let vhost_user_fs = Arc::new(Mutex::new(
        VhostUserFs::new(fsconfig).with_context(|| "Failed to create vhost use fs")?,
    ));
    EventLoop::set_manager(vhost_user_fs.clone(), None);

    vhost_user_fs
        .lock()
        .unwrap()
        .add_event_notifier()
        .with_context(|| "Failed to add event")?;

    EventLoop::loop_run().with_context(|| "EventLoop exits unexpectedly: error occurs")?;
    Ok(())
}

fn update_capabilities(cmd_args: &ArgMatches) -> Result<()> {
    let add = parse_capabilities(cmd_args)?;
    capng::clear(capng::Set::BOTH);
    if let Err(e) = capng::updatev(
        capng::Action::ADD,
        capng::Type::PERMITTED | capng::Type::EFFECTIVE,
        add.iter().map(String::as_str).collect(),
    ) {
        bail!("can't set up the child capabilities: {}", e);
    }
    if let Err(e) = capng::apply(capng::Set::BOTH) {
        bail!("can't apply the child capabilities: {}", e);
    }
    Ok(())
}

fn init_log(logfile_path: String) -> Result<()> {
    if logfile_path.is_empty() {
        logger::init_logger_with_env(Some(Box::new(std::io::stdout())))
            .with_context(|| "Failed to init logger")?;
    } else {
        let logfile = std::fs::OpenOptions::new()
            .read(false)
            .write(true)
            .append(true)
            .create(true)
            .mode(0o640)
            .open(logfile_path.clone())
            .with_context(|| format!("Failed to open log file {}", logfile_path))?;
        logger::init_logger_with_env(Some(Box::new(logfile)))
            .with_context(|| format!("Failed to init logger {}", logfile_path))?;
    }

    Ok(())
}

fn set_panic_hook() {
    std::panic::set_hook(Box::new(|panic_msg| {
        let panic_file = panic_msg.location().map_or("", |loc| loc.file());
        let panic_line = panic_msg.location().map_or(0, |loc| loc.line());
        if let Some(msg) = panic_msg.payload().downcast_ref::<&str>() {
            error!("Panic at [{}: {}]: {}.", panic_file, panic_line, msg);
        } else {
            error!("Panic at [{}: {}].", panic_file, panic_line);
        }
    }));
}