[lxc-devel] [PATCH] lxc-ls: Update code to allow non-root listing
Serge Hallyn
serge.hallyn at canonical.com
Wed Dec 5 14:23:55 UTC 2012
Quoting Stéphane Graber (stgraber at ubuntu.com):
> Re-arrange the code so that we only grab the container object when doing
> something more than building a simple list of existing containers.
>
> This means that now the following calls can run unprivileged:
> - lxc-ls
> - lxc-ls -1
>
> Everything else will still require root privileges.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/lxc-ls | 34 +++++++++++++++++++++-------------
> 1 file changed, 21 insertions(+), 13 deletions(-)
>
> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
> index 2ad1f7f..98b7861 100644
> --- a/src/lxc/lxc-ls
> +++ b/src/lxc/lxc-ls
> @@ -116,12 +116,6 @@ parser.add_argument("filter", metavar='FILTER', type=str, nargs="?",
>
> args = parser.parse_args()
>
> -# Basic checks
> -## The user needs to be uid 0
> -if not os.geteuid() == 0:
> - parser.error(_("You must be root to run this script. Try running: sudo %s"
> - % (sys.argv[0])))
> -
> # --active is the same as --running --frozen
> if args.active:
> if not args.state:
> @@ -135,19 +129,33 @@ if not sys.stdout.isatty():
> # Turn args.fancy_format into a list
> args.fancy_format = args.fancy_format.strip().split(",")
>
> +# Basic checks
> +## The user needs to be uid 0
> +if not os.geteuid() == 0 and (args.fancy or args.state):
> + parser.error(_("You must be root to access advanced container properties. "
> + "Try running: sudo %s"
> + % (sys.argv[0])))
> +
> # List of containers, stored as dictionaries
> containers = []
> -for container in lxc.list_containers(as_object=True):
> - # Filter by status
> - if args.state and container.state not in args.state:
> - continue
> +for container_name in lxc.list_containers():
> + entry = {}
> + entry['name'] = container_name
>
> # Apply filter
> - if args.filter and not re.match(args.filter, container.name):
> + if args.filter and not re.match(args.filter, container_name):
> continue
>
> - entry = {}
> - entry['name'] = container.name
> + # Return before grabbing the object (non-root)
> + if not args.state and not args.fancy:
> + containers.append(entry)
> + continue
> +
> + container = lxc.Container(container_name)
> +
> + # Filter by status
> + if args.state and container.state not in args.state:
> + continue
>
> # Nothing more is needed if we're not printing some fancy output
> if not args.fancy:
> --
> 1.8.0
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list