[lxc-devel] [PATCH] Improve behaviour for unprivileged users
Stéphane Graber
stgraber at ubuntu.com
Wed Oct 2 22:25:37 UTC 2013
This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return
"Insufficient privileges" on failure.
NOTE: I didn't test every single one of those but I'm fairly confident
in my copy/paste abilities and I confirmed they all build fine at least.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
src/lxc/lxc_attach.c | 3 +++
src/lxc/lxc_cgroup.c | 9 +++++++++
src/lxc/lxc_checkpoint.c | 3 +++
src/lxc/lxc_clone.c | 6 ++++++
src/lxc/lxc_console.c | 8 ++++++++
src/lxc/lxc_create.c | 3 +++
src/lxc/lxc_destroy.c | 8 ++++++++
src/lxc/lxc_freeze.c | 8 ++++++++
src/lxc/lxc_info.c | 8 ++++++++
src/lxc/lxc_kill.c | 3 +++
src/lxc/lxc_monitor.c | 3 +++
src/lxc/lxc_snapshot.c | 8 ++++++++
src/lxc/lxc_stop.c | 5 +++++
src/lxc/lxc_unfreeze.c | 8 ++++++++
src/lxc/lxc_wait.c | 8 ++++++++
15 files changed, 91 insertions(+)
diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 4ca00a9..bd4e674 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -188,6 +188,9 @@ int main(int argc, char *argv[])
if (ret)
return ret;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
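Review bot: This hunk only defaults `my_args.log_file` to "none"; no may_control() check is added to lxc_attach.c, although the description says the check is made every time the API is used. The same applies to the lxc_checkpoint.c, lxc_kill.c and lxc_monitor.c hunks below, which also receive only the logging change. If the privilege check is enforced inside the library calls these tools make, a sentence in the description saying so would stop readers from looking for it here; if it is not, attach and kill are the tools where an unprivileged caller acting on someone else's container matters most. main() continues outside the hunk.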
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 2c0508c..b9727a0 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -70,6 +70,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1;
@@ -79,6 +82,12 @@ int main(int argc, char *argv[])
c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
if (!c)
return -1;
+
+ if (!c->may_control(c)) {
+ ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+ return -1;
+ }
+
if (!c->is_running(c)) {
ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name);
lxc_container_put(c);
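Review bot: The new `return -1;` after the may_control() check drops the handle returned by lxc_container_new(): the `is_running` check that follows calls `lxc_container_put(c)` before its own return, but the new block does not, so the failure path leaks the reference. The same omission appears in the may_control() hunks of lxc_clone.c, lxc_console.c, lxc_destroy.c, lxc_freeze.c, lxc_info.c, lxc_snapshot.c, lxc_unfreeze.c and lxc_wait.c. The message text is also misspelled in every copy; I would make the block `ERROR("Insufficient privileges to control %s:%s", my_args.lxcpath[0], my_args.name);` / `lxc_container_put(c);` / `return -1;`. main() continues outside the hunk.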
diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
index ecf19b1..f6a0313 100644
--- a/src/lxc/lxc_checkpoint.c
+++ b/src/lxc/lxc_checkpoint.c
@@ -115,6 +115,9 @@ int main(int argc, char *argv[])
if (ret)
return ret;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
index e0be9da..e01c98b 100644
--- a/src/lxc/lxc_clone.c
+++ b/src/lxc/lxc_clone.c
@@ -160,6 +160,12 @@ int main(int argc, char *argv[])
c1 = lxc_container_new(orig, lxcpath);
if (!c1)
exit(1);
+
+ if (!c1->may_control(c1)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", orig);
+ return -1;
+ }
+
if (!c1->is_defined(c1)) {
fprintf(stderr, "Error: container %s is not defined\n", orig);
lxc_container_put(c1);
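Review bot: The new block exits with `return -1;` while the neighbouring failure paths in this function use `exit(1)` (the `!c1` check just above), so a privilege failure reports exit status 255 where every other error reports 1. The same mismatch is in lxc_console.c (surrounding code uses `exit(EXIT_FAILURE)`), lxc_destroy.c, lxc_freeze.c, lxc_unfreeze.c and lxc_snapshot.c, whose surrounding checks use `exit(1)`. I would match the local convention, e.g. `exit(1);` here, so scripts keying on the exit status see a consistent value. main() continues outside the hunk.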
diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c
index ea1e999..f5d16fa 100644
--- a/src/lxc/lxc_console.c
+++ b/src/lxc/lxc_console.c
@@ -97,6 +97,9 @@ int main(int argc, char *argv[])
if (ret)
return EXIT_FAILURE;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
@@ -108,6 +111,11 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+ return -1;
+ }
+
if (!c->is_running(c)) {
fprintf(stderr, "%s is not running\n", my_args.name);
exit(EXIT_FAILURE);
diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
index f577e30..98cca32 100644
--- a/src/lxc/lxc_create.c
+++ b/src/lxc/lxc_create.c
@@ -174,6 +174,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1);
diff --git a/src/lxc/lxc_destroy.c b/src/lxc/lxc_destroy.c
index a1f73ca..d50fcf1 100644
--- a/src/lxc/lxc_destroy.c
+++ b/src/lxc/lxc_destroy.c
@@ -74,6 +74,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1);
@@ -84,6 +87,11 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+ return -1;
+ }
+
if (!c->is_defined(c)) {
fprintf(stderr, "Container is not defined\n");
lxc_container_put(c);
diff --git a/src/lxc/lxc_freeze.c b/src/lxc/lxc_freeze.c
index 39483a6..92d7aa2 100644
--- a/src/lxc/lxc_freeze.c
+++ b/src/lxc/lxc_freeze.c
@@ -59,6 +59,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1);
@@ -69,6 +72,11 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (!c->may_control(c)) {
+ ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+ return -1;
+ }
+
if (!c->freeze(c)) {
ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name);
lxc_container_put(c);
diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
index a4fa3e1..ac56287 100644
--- a/src/lxc/lxc_info.c
+++ b/src/lxc/lxc_info.c
@@ -96,6 +96,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1;
@@ -104,6 +107,11 @@ int main(int argc, char *argv[])
if (!c)
return -1;
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+ return -1;
+ }
+
if (!state && !pid && !ips && keys <= 0)
state = pid = ips = true;
diff --git a/src/lxc/lxc_kill.c b/src/lxc/lxc_kill.c
index 3ed6e4e..8322b42 100644
--- a/src/lxc/lxc_kill.c
+++ b/src/lxc/lxc_kill.c
@@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[])
if (ret)
return ret;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c
index 00ab58b..0c27723 100644
--- a/src/lxc/lxc_monitor.c
+++ b/src/lxc/lxc_monitor.c
@@ -67,6 +67,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1;
diff --git a/src/lxc/lxc_snapshot.c b/src/lxc/lxc_snapshot.c
index c21563f..573804b 100644
--- a/src/lxc/lxc_snapshot.c
+++ b/src/lxc/lxc_snapshot.c
@@ -160,6 +160,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (my_args.argc > 1) {
ERROR("Too many arguments");
return -1;
@@ -184,6 +187,11 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+ return -1;
+ }
+
switch(action) {
case DO_SNAP:
ret = do_snapshot(c);
diff --git a/src/lxc/lxc_stop.c b/src/lxc/lxc_stop.c
index 77de7e5..7203d75 100644
--- a/src/lxc/lxc_stop.c
+++ b/src/lxc/lxc_stop.c
@@ -145,6 +145,11 @@ int main(int argc, char *argv[])
goto out;
}
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+ goto out;
+ }
+
if (!c->is_running(c)) {
fprintf(stderr, "%s is not running\n", c->name);
ret = 2;
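Review bot: The new `goto out;` after the may_control() check leaves `ret` at whatever value it held before this point, unlike the `is_running` path below, which sets `ret = 2;` before jumping. If `ret` is initialised to 0 earlier in main() (not visible in this hunk), a privilege failure would exit successfully; I would set a failure code explicitly, e.g. `ret = 1;` before the `goto out;`, or confirm that `ret` already holds a non-zero value here. The message also misspells "Insufficient". main() and the `out:` label are outside the hunk.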
diff --git a/src/lxc/lxc_unfreeze.c b/src/lxc/lxc_unfreeze.c
index 0130224..4c499ec 100644
--- a/src/lxc/lxc_unfreeze.c
+++ b/src/lxc/lxc_unfreeze.c
@@ -58,6 +58,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1);
@@ -68,6 +71,11 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (!c->may_control(c)) {
+ ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+ return -1;
+ }
+
if (!c->unfreeze(c)) {
ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name);
lxc_container_put(c);
diff --git a/src/lxc/lxc_wait.c b/src/lxc/lxc_wait.c
index 4669cee..0a3487f 100644
--- a/src/lxc/lxc_wait.c
+++ b/src/lxc/lxc_wait.c
@@ -85,6 +85,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1;
@@ -93,6 +96,11 @@ int main(int argc, char *argv[])
if (!c)
return -1;
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+ return -1;
+ }
+
if (!c->wait(c, my_args.states, my_args.timeout)) {
lxc_container_put(c);
return -1;
--
1.8.3.2