[lxc-devel] [PATCH] lxc-ls: Update code to allow non-root listing

Wed Dec 5 14:23:55 UTC 2012

Quoting Stéphane Graber (stgraber at ubuntu.com):
> Re-arrange the code so that we only grab the container object when doing
> something more than building a simple list of existing containers.
> 
> This means that now the following calls can run unprivileged:
>  - lxc-ls
>  - lxc-ls -1
> 
> Everything else will still require root privileges.
> 
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  src/lxc/lxc-ls | 34 +++++++++++++++++++++-------------
>  1 file changed, 21 insertions(+), 13 deletions(-)
> 
> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
> index 2ad1f7f..98b7861 100644
> --- a/src/lxc/lxc-ls
> +++ b/src/lxc/lxc-ls
> @@ -116,12 +116,6 @@ parser.add_argument("filter", metavar='FILTER', type=str, nargs="?",
>  
>  args = parser.parse_args()
>  
> -# Basic checks
> -## The user needs to be uid 0
> -if not os.geteuid() == 0:
> -    parser.error(_("You must be root to run this script. Try running: sudo %s"
> -                   % (sys.argv[0])))
> -
>  # --active is the same as --running --frozen
>  if args.active:
>      if not args.state:
> @@ -135,19 +129,33 @@ if not sys.stdout.isatty():
>  # Turn args.fancy_format into a list
>  args.fancy_format = args.fancy_format.strip().split(",")
>  
> +# Basic checks
> +## The user needs to be uid 0
> +if not os.geteuid() == 0 and (args.fancy or args.state):
> +    parser.error(_("You must be root to access advanced container properties. "
> +                   "Try running: sudo %s"
> +                   % (sys.argv[0])))
> +
>  # List of containers, stored as dictionaries
>  containers = []
> -for container in lxc.list_containers(as_object=True):
> -    # Filter by status
> -    if args.state and container.state not in args.state:
> -        continue
> +for container_name in lxc.list_containers():
> +    entry = {}
> +    entry['name'] = container_name
>  
>      # Apply filter
> -    if args.filter and not re.match(args.filter, container.name):
> +    if args.filter and not re.match(args.filter, container_name):
>          continue
>  
> -    entry = {}
> -    entry['name'] = container.name
> +    # Return before grabbing the object (non-root)
> +    if not args.state and not args.fancy:
> +        containers.append(entry)
> +        continue
> +
> +    container = lxc.Container(container_name)
> +
> +    # Filter by status
> +    if args.state and container.state not in args.state:
> +        continue
>  
>      # Nothing more is needed if we're not printing some fancy output
>      if not args.fancy:
> -- 
> 1.8.0
> 
> 
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel