[lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root
Serge Hallyn
serge.hallyn at canonical.com
Tue Dec 4 21:51:53 UTC 2012
Quoting Stéphane Graber (stgraber at ubuntu.com):
> On 12/04/2012 04:34 PM, Serge Hallyn wrote:
> > Quoting Stéphane Graber (stgraber at ubuntu.com):
> >> Instead of returning a python stacktrace, check what the current euid is
> >> and show an argparse error message similar to that used in lxc-start-ephemeral.
> >>
> >> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> >
> > Wait, you must be root to call lxc-ls at all?
>
> To be able to grab the state of the container, yes.
>
> In the past anyone could run lxc-ls but the result would vary depending
> on whether you were root or not as the active container list would
> always be empty if non-root.
Not with the lxc-ls in ubuntu, at least, unless lxc-start caller had
a funky umask.
Well, if it's needed for now, then
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> I'll put on my todo to see if I can change the code slightly so that I
> don't use as_object when getting a simple list of all containers so that
> unprivileged user can get the list as long as they don't need any status
> information.
>
> With that change, "lxc-ls" would work unprivileged but any of the other
> options would required root.
>
> >> ---
> >> src/lxc/lxc-ls | 7 +++++++
> >> 1 file changed, 7 insertions(+)
> >>
> >> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
> >> index 8a1d1ed..2ad1f7f 100644
> >> --- a/src/lxc/lxc-ls
> >> +++ b/src/lxc/lxc-ls
> >> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't yet stable")
> >> import argparse
> >> import gettext
> >> import lxc
> >> +import os
> >> import re
> >> import sys
> >>
> >> @@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER', type=str, nargs="?",
> >>
> >> args = parser.parse_args()
> >>
> >> +# Basic checks
> >> +## The user needs to be uid 0
> >> +if not os.geteuid() == 0:
> >> + parser.error(_("You must be root to run this script. Try running: sudo %s"
> >> + % (sys.argv[0])))
> >> +
> >> # --active is the same as --running --frozen
> >> if args.active:
> >> if not args.state:
> >> --
> >> 1.8.0
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> >> Remotely access PCs and mobile devices and provide instant support
> >> Improve your efficiency, and focus on delivering more value-add services
> >> Discover what IT Professionals Know. Rescue delivers
> >> http://p.sf.net/sfu/logmein_12329d2d
> >> _______________________________________________
> >> Lxc-devel mailing list
> >> Lxc-devel at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/lxc-devel
>
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list