[lxc-devel] [PATCH] Improve behaviour for unprivileged users

Serge Hallyn serge.hallyn at ubuntu.com
Thu Oct 3 03:46:20 UTC 2013


Quoting Stéphane Graber (stgraber at ubuntu.com):
> This mostly changes two things:
>  - Only log to the container's logfile on start/stop/restart/execute
>  - Call may_control() every time we use the API and return
>    "Insufficient privileges" on failure.
> 
> NOTE: I didn't test every single one of those but I'm fairly confident
>       in my copy/paste abilities and I confirmed they all build fine at least.
> 
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

(was going to ask about may_control in lxc-monitor and lxc-attach, but I
see they haven't been converted to use the API yet.)

> ---
>  src/lxc/lxc_attach.c     | 3 +++
>  src/lxc/lxc_cgroup.c     | 9 +++++++++
>  src/lxc/lxc_checkpoint.c | 3 +++
>  src/lxc/lxc_clone.c      | 6 ++++++
>  src/lxc/lxc_console.c    | 8 ++++++++
>  src/lxc/lxc_create.c     | 3 +++
>  src/lxc/lxc_destroy.c    | 8 ++++++++
>  src/lxc/lxc_freeze.c     | 8 ++++++++
>  src/lxc/lxc_info.c       | 8 ++++++++
>  src/lxc/lxc_kill.c       | 3 +++
>  src/lxc/lxc_monitor.c    | 3 +++
>  src/lxc/lxc_snapshot.c   | 8 ++++++++
>  src/lxc/lxc_stop.c       | 5 +++++
>  src/lxc/lxc_unfreeze.c   | 8 ++++++++
>  src/lxc/lxc_wait.c       | 8 ++++++++
>  15 files changed, 91 insertions(+)
> 
> diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
> index 4ca00a9..bd4e674 100644
> --- a/src/lxc/lxc_attach.c
> +++ b/src/lxc/lxc_attach.c
> @@ -188,6 +188,9 @@ int main(int argc, char *argv[])
>  	if (ret)
>  		return ret;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>  	if (ret)
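Review bot: The `my_args.log_file = "none";` default is pasted verbatim into thirteen `main()` functions (this hunk and the first hunk of every other file in the series except lxc_clone.c and lxc_stop.c) with nothing saying why, so the policy will drift the first time one copy is touched; setting it once where `my_args` is filled in, or letting `lxc_log_init()` treat a NULL file as "none", would keep it in one place. If it stays inline, a comment on the assignment would help, e.g. `/* Unless a logfile was requested explicitly, do not write to the container's logfile */` — the unprivileged-user motivation is only inferred from the subject line, so word it to the actual reason. main() continues outside the hunk.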
> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> index 2c0508c..b9727a0 100644
> --- a/src/lxc/lxc_cgroup.c
> +++ b/src/lxc/lxc_cgroup.c
> @@ -70,6 +70,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		return -1;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		return -1;
> @@ -79,6 +82,12 @@ int main(int argc, char *argv[])
>  	c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
>  	if (!c)
>  		return -1;
> +
> +	if (!c->may_control(c)) {
> +		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
> +		return -1;
> +	}
> +
>  	if (!c->is_running(c)) {
>  		ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name);
>  		lxc_container_put(c);
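Review bot: The new `return -1;` after the may_control() check skips `lxc_container_put(c)`, which the adjacent is_running failure path calls before returning, so the handle from lxc_container_new() is leaked on this path; the same pattern is in lxc_clone.c, lxc_console.c, lxc_destroy.c, lxc_freeze.c, lxc_info.c, lxc_snapshot.c, lxc_unfreeze.c and lxc_wait.c. Add `lxc_container_put(c);` before the return in each. The message also misspells the word in all of those hunks: `ERROR("Insufficient privileges to control %s:%s", my_args.lxcpath[0], my_args.name);`. Here, in lxc_freeze.c and in lxc_unfreeze.c the refusal is reported through ERROR(), while the other files use fprintf(stderr); with log_file now defaulting to "none" in the first hunk, whether the ERROR() text reaches the user at all depends on how lxc_log_init() treats that value, which these hunks do not show. main() continues outside the hunk.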
> diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
> index ecf19b1..f6a0313 100644
> --- a/src/lxc/lxc_checkpoint.c
> +++ b/src/lxc/lxc_checkpoint.c
> @@ -115,6 +115,9 @@ int main(int argc, char *argv[])
>  	if (ret)
>  		return ret;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>  	if (ret)
> diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
> index e0be9da..e01c98b 100644
> --- a/src/lxc/lxc_clone.c
> +++ b/src/lxc/lxc_clone.c
> @@ -160,6 +160,12 @@ int main(int argc, char *argv[])
>  	c1 = lxc_container_new(orig, lxcpath);
>  	if (!c1)
>  		exit(1);
> +
> +	if (!c1->may_control(c1)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", orig);
> +		return -1;
> +	}
> +
>  	if (!c1->is_defined(c1)) {
>  		fprintf(stderr, "Error: container %s is not defined\n", orig);
>  		lxc_container_put(c1);
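Review bot: `return -1;` on the may_control() failure path exits main() with status 255, while the surrounding failure paths in this file use `exit(1)`; lxc_console.c (`exit(EXIT_FAILURE)`), lxc_destroy.c, lxc_snapshot.c, lxc_freeze.c and lxc_unfreeze.c show the same mix in their hunks. Using the file's existing convention, `exit(1);` here, keeps the exit status a script tests for consistent between "not defined", "not running" and "not permitted". main() continues outside the hunk.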
> diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c
> index ea1e999..f5d16fa 100644
> --- a/src/lxc/lxc_console.c
> +++ b/src/lxc/lxc_console.c
> @@ -97,6 +97,9 @@ int main(int argc, char *argv[])
>  	if (ret)
>  		return EXIT_FAILURE;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>  	if (ret)
> @@ -108,6 +111,11 @@ int main(int argc, char *argv[])
>  		exit(EXIT_FAILURE);
>  	}
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
> +		return -1;
> +	}
> +
>  	if (!c->is_running(c)) {
>  		fprintf(stderr, "%s is not running\n", my_args.name);
>  		exit(EXIT_FAILURE);
> diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
> index f577e30..98cca32 100644
> --- a/src/lxc/lxc_create.c
> +++ b/src/lxc/lxc_create.c
> @@ -174,6 +174,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		exit(1);
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		exit(1);
> diff --git a/src/lxc/lxc_destroy.c b/src/lxc/lxc_destroy.c
> index a1f73ca..d50fcf1 100644
> --- a/src/lxc/lxc_destroy.c
> +++ b/src/lxc/lxc_destroy.c
> @@ -74,6 +74,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		exit(1);
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		exit(1);
> @@ -84,6 +87,11 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	}
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
> +		return -1;
> +	}
> +
>  	if (!c->is_defined(c)) {
>  		fprintf(stderr, "Container is not defined\n");
>  		lxc_container_put(c);
> diff --git a/src/lxc/lxc_freeze.c b/src/lxc/lxc_freeze.c
> index 39483a6..92d7aa2 100644
> --- a/src/lxc/lxc_freeze.c
> +++ b/src/lxc/lxc_freeze.c
> @@ -59,6 +59,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		exit(1);
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		exit(1);
> @@ -69,6 +72,11 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	}
>  
> +	if (!c->may_control(c)) {
> +		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
> +		return -1;
> +	}
> +
>  	if (!c->freeze(c)) {
>  		ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name);
>  		lxc_container_put(c);
> diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
> index a4fa3e1..ac56287 100644
> --- a/src/lxc/lxc_info.c
> +++ b/src/lxc/lxc_info.c
> @@ -96,6 +96,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		return -1;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		return -1;
> @@ -104,6 +107,11 @@ int main(int argc, char *argv[])
>  	if (!c)
>  		return -1;
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
> +		return -1;
> +	}
> +
>  	if (!state && !pid && !ips && keys <= 0)
>  		state = pid = ips = true;
>  
> diff --git a/src/lxc/lxc_kill.c b/src/lxc/lxc_kill.c
> index 3ed6e4e..8322b42 100644
> --- a/src/lxc/lxc_kill.c
> +++ b/src/lxc/lxc_kill.c
> @@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[])
>  	if (ret)
>  		return ret;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>  	if (ret)
> diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c
> index 00ab58b..0c27723 100644
> --- a/src/lxc/lxc_monitor.c
> +++ b/src/lxc/lxc_monitor.c
> @@ -67,6 +67,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		return -1;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		return -1;
> diff --git a/src/lxc/lxc_snapshot.c b/src/lxc/lxc_snapshot.c
> index c21563f..573804b 100644
> --- a/src/lxc/lxc_snapshot.c
> +++ b/src/lxc/lxc_snapshot.c
> @@ -160,6 +160,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		exit(1);
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (my_args.argc > 1) {
>  		ERROR("Too many arguments");
>  		return -1;
> @@ -184,6 +187,11 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	}
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
> +		return -1;
> +	}
> +
>  	switch(action) {
>  	case DO_SNAP:
>  		ret = do_snapshot(c);
> diff --git a/src/lxc/lxc_stop.c b/src/lxc/lxc_stop.c
> index 77de7e5..7203d75 100644
> --- a/src/lxc/lxc_stop.c
> +++ b/src/lxc/lxc_stop.c
> @@ -145,6 +145,11 @@ int main(int argc, char *argv[])
>  		goto out;
>  	}
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
> +		goto out;
> +	}
> +
>  	if (!c->is_running(c)) {
>  		fprintf(stderr, "%s is not running\n", c->name);
>  		ret = 2;
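Review bot: The `goto out` on the may_control() failure path jumps to the cleanup label without assigning `ret`, whereas the is_running path immediately below sets `ret = 2` first; if `ret` still holds a success value at this point (its initialisation is outside the hunk), a refused stop exits 0 and a caller cannot distinguish it from a successful one. Assign an explicit failure code before the jump, e.g. `ret = 1;` (or whichever value the rest of main() uses for failure), so the exit status reflects the refusal. main() starts and ends outside the hunk.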
> diff --git a/src/lxc/lxc_unfreeze.c b/src/lxc/lxc_unfreeze.c
> index 0130224..4c499ec 100644
> --- a/src/lxc/lxc_unfreeze.c
> +++ b/src/lxc/lxc_unfreeze.c
> @@ -58,6 +58,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		exit(1);
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		exit(1);
> @@ -68,6 +71,11 @@ int main(int argc, char *argv[])
>  		exit(1);
>  	}
>  
> +	if (!c->may_control(c)) {
> +		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
> +		return -1;
> +	}
> +
>  	if (!c->unfreeze(c)) {
>  		ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name);
>  		lxc_container_put(c);
> diff --git a/src/lxc/lxc_wait.c b/src/lxc/lxc_wait.c
> index 4669cee..0a3487f 100644
> --- a/src/lxc/lxc_wait.c
> +++ b/src/lxc/lxc_wait.c
> @@ -85,6 +85,9 @@ int main(int argc, char *argv[])
>  	if (lxc_arguments_parse(&my_args, argc, argv))
>  		return -1;
>  
> +	if (!my_args.log_file)
> +		my_args.log_file = "none";
> +
>  	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>  			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>  		return -1;
> @@ -93,6 +96,11 @@ int main(int argc, char *argv[])
>  	if (!c)
>  		return -1;
>  
> +	if (!c->may_control(c)) {
> +		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
> +		return -1;
> +	}
> +
>  	if (!c->wait(c, my_args.states, my_args.timeout)) {
>  		lxc_container_put(c);
>  		return -1;
> -- 
> 1.8.3.2
> 
> 



