Apache Mesos
ns.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __LINUX_NS_HPP__
18 #define __LINUX_NS_HPP__
19 
20 // This file contains Linux-only OS utilities.
21 #ifndef __linux__
22 #error "linux/ns.hpp is only available on Linux systems."
23 #endif
24 
25 #include <sched.h>
26 
27 #include <sys/syscall.h>
28 
29 #include <set>
30 #include <string>
31 
32 #include <stout/lambda.hpp>
33 #include <stout/nothing.hpp>
34 #include <stout/result.hpp>
35 #include <stout/try.hpp>
36 
// Fallback values for the CLONE_NEW* namespace flags. Each one is
// defined only when the <sched.h> included above has not already
// provided it, so the toolchain's own definition always wins.
//
// These constants are part of the kernel ABI: a fallback that differs
// from the kernel's value would request a different set of namespaces
// without any compile-time error, so keep them in sync with the
// kernel's own clone flag definitions when touching this list.

#if !defined(CLONE_NEWNS)
#define CLONE_NEWNS 0x00020000 // Mount namespace.
#endif

#if !defined(CLONE_NEWUTS)
#define CLONE_NEWUTS 0x04000000 // UTS (hostname) namespace.
#endif

#if !defined(CLONE_NEWIPC)
#define CLONE_NEWIPC 0x08000000 // IPC namespace.
#endif

#if !defined(CLONE_NEWPID)
#define CLONE_NEWPID 0x20000000 // PID namespace.
#endif

#if !defined(CLONE_NEWNET)
#define CLONE_NEWNET 0x40000000 // Network namespace.
#endif

#if !defined(CLONE_NEWUSER)
#define CLONE_NEWUSER 0x10000000 // User namespace.
#endif

#if !defined(CLONE_NEWCGROUP)
#define CLONE_NEWCGROUP 0x02000000 // Cgroup namespace.
#endif
64 
// Thin wrapper that issues the 'setns' system call directly, for
// compilation environments that don't already have a 'setns'.
//
// Moves the caller into the namespace referred to by 'fd'. 'nstype' is
// the CLONE_NEW* constant naming the namespace type that 'fd' is
// expected to refer to. Per setns(2), an 'nstype' of 0 accepts any
// namespace type, so a caller that did not open 'fd' itself should pass
// the expected constant and let the kernel reject a mismatch.
//
// Returns the raw ::syscall result narrowed to int: 0 on success, -1
// with errno set on failure.
inline int setns(int fd, int nstype)
{
#if defined(SYS_setns)
  const long number = SYS_setns;
#elif defined(__x86_64__)
  // A workaround for hosts that have an old glibc (older than 2.14) but
  // a new kernel. '308' is the syscall number for 'setns' on x86_64
  // only, which is why every other architecture fails the build below
  // instead of guessing a number.
  const long number = 308;
#else
#error "setns is not available"
#endif

  return ::syscall(number, fd, nstype);
}
80 
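namespace ns {

// Returns the nstype (e.g., CLONE_NEWNET, CLONE_NEWNS, etc.) for the
// given namespace which can be used when calling ::setns.
Try<int> nstype(const std::string& ns);


// Given a single CLONE_NEW* constant, return the corresponding namespace
// name. This is the inverse of ns::nstype().
Try<std::string> nsname(int nsType);


// Returns all the configured kernel namespaces.
std::set<int> nstypes();


// Returns true if all the given CLONE_NEW* constants are supported
// in the running kernel. 'nsTypes' is a bitwise OR of CLONE_NEW*
// constants. If CLONE_NEWUSER is specified, the kernel version must be
// at least 3.12.0 since prior to that version, major kernel subsystems
// (e.g. XFS) did not implement user namespace support. See also
// user_namespaces(7).
Try<bool> supported(int nsTypes);


// Re-associate the calling process with the specified namespace. The
// path refers to one of the corresponding namespace entries in the
// /proc/[pid]/ns/ directory (or bind mounted elsewhere). We do not
// allow a process with multiple threads to call this function because
// it would leave different threads of the same process in different
// namespaces.
//
// The namespace that gets entered is whatever 'path' refers to when it
// is opened, so callers should take 'path' from a location that less
// privileged users cannot replace or re-bind.
//
// NOTE(review): 'checkMultithreaded' presumably lets a caller skip the
// single-thread check; its exact effect is defined in the
// implementation, which is not part of this header. Leave it at the
// default unless the caller can guarantee no other thread is running.
//
// NOTE(review): the opening line of this declaration was missing from
// the listing; confirm against the upstream header.
Try<Nothing> setns(
    const std::string& path,
    const std::string& ns,
    bool checkMultithreaded = true);


// Re-associate the calling process with the specified namespace. The
// pid specifies the process whose namespace we will associate.
//
// A pid names a process only for as long as that process exists and
// has not been reaped. Callers should make sure 'pid' still refers to
// the intended process (for example, a child they have not yet waited
// on), since a recycled pid would select an unrelated process's
// namespace.
//
// NOTE(review): the opening line of this declaration was missing from
// the listing; the name and return type are assumed to match the
// path-based overload. Confirm against the upstream header.
Try<Nothing> setns(
    pid_t pid,
    const std::string& ns,
    bool checkMultithreaded = true);


// Get the inode number of the specified namespace for the specified
// pid. The inode number identifies the namespace and can be used for
// comparisons, i.e., two processes with the same inode for a given
// namespace type are in the same namespace.
//
// namespaces(7) describes this comparison in terms of both the device
// ID and the inode number of the /proc/[pid]/ns/ entry. An inode
// number may also be reused after its namespace has been destroyed, so
// a stored value should only be compared while something still keeps
// that namespace alive.
Result<ino_t> getns(pid_t pid, const std::string& ns);


// Performs an os::clone after entering a set of namespaces for the
// specified target process.
//
// NOTE(review): the original documentation comment and the opening
// line of this declaration were missing from the listing. From the
// signature alone, 'nstypes' looks like a bitwise OR of the CLONE_NEW*
// namespaces of 'target' to enter, 'f' the function the cloned child
// runs, and 'flags' the flags handed to os::clone. Confirm all three
// against the upstream header before relying on them.
Try<pid_t> clone(
    pid_t target,
    int nstypes,
    const lambda::function<int()>& f,
    int flags);


// Returns the namespace flags in the string form of bitwise-ORing the
// flags, e.g., CLONE_NEWNS | CLONE_NEWNET.
std::string stringify(int flags);

} // namespace ns {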
182 
183 #endif // __LINUX_NS_HPP__