[lxc-devel] [PATCH] lxc-ls: Update code to allow non-root listing

Stéphane Graber stgraber at ubuntu.com
Tue Dec 4 22:42:46 UTC 2012 

Re-arrange the code so that we only grab the container object when doing
something more than building a simple list of existing containers.

This means that now the following calls can run unprivileged:
 - lxc-ls
 - lxc-ls -1

Everything else will still require root privileges.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 src/lxc/lxc-ls | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
index 2ad1f7f..98b7861 100644
--- a/src/lxc/lxc-ls
+++ b/src/lxc/lxc-ls
@@ -116,12 +116,6 @@ parser.add_argument("filter", metavar='FILTER', type=str, nargs="?",
 
 args = parser.parse_args()
 
-# Basic checks
-## The user needs to be uid 0
-if not os.geteuid() == 0:
-    parser.error(_("You must be root to run this script. Try running: sudo %s"
-                   % (sys.argv[0])))
-
 # --active is the same as --running --frozen
 if args.active:
     if not args.state:
@@ -135,19 +129,33 @@ if not sys.stdout.isatty():
 # Turn args.fancy_format into a list
 args.fancy_format = args.fancy_format.strip().split(",")
 
+# Basic checks
+## The user needs to be uid 0
+if not os.geteuid() == 0 and (args.fancy or args.state):
+    parser.error(_("You must be root to access advanced container properties. "
+                   "Try running: sudo %s"
+                   % (sys.argv[0])))
+
 # List of containers, stored as dictionaries
 containers = []
-for container in lxc.list_containers(as_object=True):
-    # Filter by status
-    if args.state and container.state not in args.state:
-        continue
+for container_name in lxc.list_containers():
+    entry = {}
+    entry['name'] = container_name
 
     # Apply filter
-    if args.filter and not re.match(args.filter, container.name):
+    if args.filter and not re.match(args.filter, container_name):
         continue
 
-    entry = {}
-    entry['name'] = container.name
+    # Return before grabbing the object (non-root)
+    if not args.state and not args.fancy:
+        containers.append(entry)
+        continue
+
+    container = lxc.Container(container_name)
+
+    # Filter by status
+    if args.state and container.state not in args.state:
+        continue
 
     # Nothing more is needed if we're not printing some fancy output
     if not args.fancy:
-- 
1.8.0

More information about the lxc-devel mailing list