On Fri, Jul 19, 2013 at 02:26:49PM +0000, Serge Hallyn wrote: > From: Serge Hallyn <serge.hal...@ubuntu.com> > > Just make sure we are root if we are asked to deal with something other > than a directory, and make sure we have permission to create the > container in the given lxcpath. > > The templates will need much more work. > > Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
Acked-by: Stéphane Graber <stgra...@ubuntu.com>
> ---
> src/lxc/lxc_create.c | 19 ++++++++++++-------
> 1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
> index bd08ea2..ab5886b 100644
> --- a/src/lxc/lxc_create.c
> +++ b/src/lxc/lxc_create.c
> @@ -171,13 +171,6 @@ int main(int argc, char *argv[])
> struct bdev_specs spec;
> int flags = 0;
>
> - /* this is a short term test. We'll probably want to check for
> - * write access to lxcpath instead */
> - if (geteuid()) {
> - fprintf(stderr, "%s must be run as root\n", argv[0]);
> - exit(1);
> - }
> -
> if (lxc_arguments_parse(&my_args, argc, argv))
> exit(1);
>
> @@ -191,6 +184,18 @@ int main(int argc, char *argv[])
> if (!validate_bdev_args(&my_args))
> exit(1);
>
> + if (geteuid()) {
> + if (access(my_args.lxcpath[0], O_RDWR) < 0) {
> + fprintf(stderr, "You lack access to %s\n",
> my_args.lxcpath[0]);
> + exit(1);
> + }
> + if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype,
> "_unset")) {
> + fprintf(stderr, "Unprivileged users can only create
> directory backed containers\n");
> + exit(1);
> + }
> + }
> +
> +
> c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
> if (!c) {
> fprintf(stderr, "System error loading container\n");
> --
> 1.8.3.2
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
