[lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root

Stéphane Graber stgraber at ubuntu.com
Tue Dec 4 21:39:36 UTC 2012


On 12/04/2012 04:34 PM, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
>> Instead of returning a python stacktrace, check what the current euid is
>> and show an argparse error message similar to that used in lxc-start-ephemeral.
>>
>> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> 
> Wait, you must be root to call lxc-ls at all?

To be able to grab the state of the container, yes.

In the past anyone could run lxc-ls but the result would vary depending
on whether you were root or not as the active container list would
always be empty if non-root.

I'll put on my todo to see if I can change the code slightly so that I
don't use as_object when getting a simple list of all containers so that
unprivileged user can get the list as long as they don't need any status
information.

With that change, "lxc-ls" would work unprivileged but any of the other
options would required root.

>> ---
>>  src/lxc/lxc-ls | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
>> index 8a1d1ed..2ad1f7f 100644
>> --- a/src/lxc/lxc-ls
>> +++ b/src/lxc/lxc-ls
>> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't yet stable")
>>  import argparse
>>  import gettext
>>  import lxc
>> +import os
>>  import re
>>  import sys
>>  
>> @@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER', type=str, nargs="?",
>>  
>>  args = parser.parse_args()
>>  
>> +# Basic checks
>> +## The user needs to be uid 0
>> +if not os.geteuid() == 0:
>> +    parser.error(_("You must be root to run this script. Try running: sudo %s"
>> +                   % (sys.argv[0])))
>> +
>>  # --active is the same as --running --frozen
>>  if args.active:
>>      if not args.state:
>> -- 
>> 1.8.0
>>
>>
>> ------------------------------------------------------------------------------
>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>> Remotely access PCs and mobile devices and provide instant support
>> Improve your efficiency, and focus on delivering more value-add services
>> Discover what IT Professionals Know. Rescue delivers
>> http://p.sf.net/sfu/logmein_12329d2d
>> _______________________________________________
>> Lxc-devel mailing list
>> Lxc-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lxc-devel


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20121204/3be657ed/attachment.pgp>


More information about the lxc-devel mailing list