On 03/22/2013 03:48 AM, Glauber Costa wrote:
In theory, we won't be able to run if our private area is not owned by
ourselves. We could, if it has very wide open security permissions, but we
should never set up a container like that.
Aside from a basic sanity check, this is intended to catch problems for the few
people who may have already created containers that will be owned by root:root,
and will now try to run it unprivileged.
Signed-off-by: Glauber Costa <[email protected]>
---
src/lib/env.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/lib/env.c b/src/lib/env.c
index 2da848d..ff4dad2 100644
--- a/src/lib/env.c
+++ b/src/lib/env.c
@@ -30,6 +30,7 @@
#include <linux/reboot.h>
#include <sys/mount.h>
#include <sys/utsname.h>
+#include <sys/stat.h>
#include "vzerror.h"
#include "res.h"
@@ -551,6 +552,18 @@ int vps_start_custom(vps_handler *h, envid_t veid,
vps_param *param,
logger(-1, 0, "Container is already running");
return VZ_VE_RUNNING;
}
+ if (!is_vz_kernel(h) && h->can_join_userns) {
+ struct stat private_stat;
+ stat(res->fs.private, &private_stat);
+ if ((private_stat.st_uid != *res->misc.local_uid) ||
+ (private_stat.st_gid != *res->misc.local_gid)) {
+ logger(-1, 0, "Container private area is owned by %d:%d"
+ ", but configuration file says we should run with
%lu:%lu.\n"
+ "Refusing to run.", private_stat.st_uid,
private_stat.st_gid,
+ *res->misc.local_uid, *res->misc.local_gid);
+ return VZ_FS_BAD_TMPL;
+ }
+ }
if ((ret = check_ub(h, &res->ub)))
return ret;
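Review bot: the return value of `stat(res->fs.private, &private_stat)` is never checked, so if the private area does not exist or is not readable, `private_stat` is left uninitialized and the `st_uid`/`st_gid` comparison reads indeterminate values; test the result and fail with a clear message, e.g. `if (stat(res->fs.private, &private_stat) < 0) { logger(-1, errno, "Can't stat %s", res->fs.private); return VZ_FS_BAD_TMPL; }`. In the same block, `*res->misc.local_uid` and `*res->misc.local_gid` are dereferenced unconditionally; `res->misc.local_uid` and `res->misc.local_gid` need a non-NULL check before the ownership comparison (and the pointers should also be confirmed before they are passed to `logger`). Minor: the message prints `st_uid`/`st_gid` with `%d` and `local_uid`/`local_gid` with `%lu`; the format specifiers should match the actual types of those fields, and casting to a common type avoids undefined behaviour in the varargs call.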
looks good (just add checks for local_* being non-NULL)
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel