From: Serge Hallyn <serge.hal...@ubuntu.com>
Just make sure we are root if we are asked to deal with something other
than a directory, and make sure we have permission to create the
container in the given lxcpath.
The templates will need much more work.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
src/lxc/lxc_create.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
index bd08ea2..ab5886b 100644
--- a/src/lxc/lxc_create.c
+++ b/src/lxc/lxc_create.c
@@ -171,13 +171,6 @@ int main(int argc, char *argv[])
struct bdev_specs spec;
int flags = 0;
- /* this is a short term test. We'll probably want to check for
- * write access to lxcpath instead */
- if (geteuid()) {
- fprintf(stderr, "%s must be run as root\n", argv[0]);
- exit(1);
- }
-
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
@@ -191,6 +184,18 @@ int main(int argc, char *argv[])
if (!validate_bdev_args(&my_args))
exit(1);
+ if (geteuid()) {
+ if (access(my_args.lxcpath[0], O_RDWR) < 0) {
+ fprintf(stderr, "You lack access to %s\n",
my_args.lxcpath[0]);
+ exit(1);
+ }
+ if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype,
"_unset")) {
+ fprintf(stderr, "Unprivileged users can only create
directory backed containers\n");
+ exit(1);
+ }
+ }
+
+
c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
if (!c) {
fprintf(stderr, "System error loading container\n");
--
1.8.3.2
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
