[lxc-devel] [PATCH] check for access to lxcpath
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Feb 12 04:20:03 UTC 2014
The previous check for access to rootfs->path failed in the case of
overlayfs or loop backing stores. Instead just check early on for
access to lxcpath.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/conf.c | 30 ------------------------------
src/lxc/start.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 522c590..ecf2171 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,31 +753,6 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
return 0;
}
-static void print_top_failing_dir(const char *path)
-{
- size_t len = strlen(path);
- char *copy = alloca(len+1), *p, *e, saved;
- strcpy(copy, path);
-
- p = copy;
- e = copy + len;
- while (p < e) {
- while (p < e && *p == '/') p++;
- while (p < e && *p != '/') p++;
- if (p >= e)
- return;
- saved = *p;
- *p = '\0';
- if (access(copy, X_OK)) {
- SYSERROR("could not access %s. Please grant it 'x' " \
- "access, or add an ACL for the container root.",
- copy);
- return;
- }
- *p = saved;
- }
-}
-
static int mount_rootfs(const char *rootfs, const char *target, const char *options)
{
char absrootfs[MAXPATHLEN];
@@ -1571,11 +1546,6 @@ static int setup_rootfs(struct lxc_conf *conf)
return -1;
}
- if (access(rootfs->path, R_OK)) {
- print_top_failing_dir(rootfs->path);
- return -1;
- }
-
if (detect_shared_rootfs()) {
if (chroot_into_slave(conf)) {
ERROR("Failed to chroot into slave /");
diff --git a/src/lxc/start.c b/src/lxc/start.c
index ff2753a..69e3486 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -83,6 +83,31 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
[LXC_NS_NET] = {"net", CLONE_NEWNET}
};
+static void print_top_failing_dir(const char *path)
+{
+ size_t len = strlen(path);
+ char *copy = alloca(len+1), *p, *e, saved;
+ strcpy(copy, path);
+
+ p = copy;
+ e = copy + len;
+ while (p < e) {
+ while (p < e && *p == '/') p++;
+ while (p < e && *p != '/') p++;
+ if (p >= e)
+ return;
+ saved = *p;
+ *p = '\0';
+ if (access(copy, X_OK)) {
+ SYSERROR("could not access %s. Please grant it 'x' " \
+ "access, or add an ACL for the container root.",
+ copy);
+ return;
+ }
+ *p = saved;
+ }
+}
+
static void close_ns(int ns_fd[LXC_NS_MAX]) {
int i;
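Review bot: The walk in `print_top_failing_dir` leaves at `if (p >= e) return;` before it tests the final path component, so when lxcpath itself is the directory that is missing or lacks permission, nothing is logged and the caller fails without a message. Testing the whole path before that return would cover it, for example `if (p >= e) { if (access(copy, X_OK)) SYSERROR("could not access %s", copy); return; }`. Separately, `alloca(len+1)` sizes a stack buffer from the path length with no upper bound; if lxcpath can come from user configuration or the command line, rejecting lengths above `MAXPATHLEN` or using a heap copy would be safer.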
@@ -592,6 +617,11 @@ static int do_start(void *data)
}
}
+ if (access(handler->lxcpath, R_OK)) {
+ print_top_failing_dir(handler->lxcpath);
+ goto out_warn_father;
+ }
+
#if HAVE_SYS_CAPABILITY_H
if (handler->conf->need_utmp_watch) {
if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
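Review bot: The new guard tests `R_OK` on `handler->lxcpath`, but the helper it calls only tests `X_OK` and its message asks for 'x' access, so a directory that is searchable but not readable is rejected with no message at all. Reaching files under lxcpath needs search permission rather than read, so `if (access(handler->lxcpath, X_OK)) {` looks like the mode that matches the intent; if read access really is required, an `ERROR` naming lxcpath belongs before the `goto`. access() also evaluates the real UID/GID, which may differ from the IDs in effect at this point of `do_start`, whose body starts and ends outside the hunk, so the result is best treated as a diagnostic and not as the permission decision itself.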
--
1.9.rc1