[lxc-devel] [PATCH] check for access to lxcpath

Stéphane Graber stgraber at ubuntu.com
Wed Feb 12 04:39:21 UTC 2014


On Tue, Feb 11, 2014 at 10:20:03PM -0600, Serge Hallyn wrote:
> The previous check for access to rootfs->path failed in the case of
> overlayfs or loop backing stores.  Instead just check early on for
> access to lxcpath.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/conf.c  | 30 ------------------------------
>  src/lxc/start.c | 30 ++++++++++++++++++++++++++++++
>  2 files changed, 30 insertions(+), 30 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 522c590..ecf2171 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -753,31 +753,6 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
>  	return 0;
>  }
>  
> -static void print_top_failing_dir(const char *path)
> -{
> -	size_t len = strlen(path);
> -	char *copy = alloca(len+1), *p, *e, saved;
> -	strcpy(copy, path);
> -
> -	p = copy;
> -	e = copy + len;
> -	while (p < e) {
> -		while (p < e && *p == '/') p++;
> -		while (p < e && *p != '/') p++;
> -		if (p >= e)
> -			return;
> -		saved = *p;
> -		*p = '\0';
> -		if (access(copy, X_OK)) {
> -			SYSERROR("could not access %s.  Please grant it 'x' " \
> -			      "access, or add an ACL for the container root.",
> -			      copy);
> -			return;
> -		}
> -		*p = saved;
> -	}
> -}
> -
>  static int mount_rootfs(const char *rootfs, const char *target, const char *options)
>  {
>  	char absrootfs[MAXPATHLEN];
> @@ -1571,11 +1546,6 @@ static int setup_rootfs(struct lxc_conf *conf)
>  		return -1;
>  	}
>  
> -	if (access(rootfs->path, R_OK)) {
> -		print_top_failing_dir(rootfs->path);
> -		return -1;
> -	}
> -
>  	if (detect_shared_rootfs()) {
>  		if (chroot_into_slave(conf)) {
>  			ERROR("Failed to chroot into slave /");
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index ff2753a..69e3486 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -83,6 +83,31 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
>  	[LXC_NS_NET] = {"net", CLONE_NEWNET}
>  };
>  
> +static void print_top_failing_dir(const char *path)
> +{
> +	size_t len = strlen(path);
> +	char *copy = alloca(len+1), *p, *e, saved;
> +	strcpy(copy, path);
> +
> +	p = copy;
> +	e = copy + len;
> +	while (p < e) {
> +		while (p < e && *p == '/') p++;
> +		while (p < e && *p != '/') p++;
> +		if (p >= e)
> +			return;
> +		saved = *p;
> +		*p = '\0';
> +		if (access(copy, X_OK)) {
> +			SYSERROR("could not access %s.  Please grant it 'x' " \
> +			      "access, or add an ACL for the container root.",
> +			      copy);
> +			return;
> +		}
> +		*p = saved;
> +	}
> +}
> +
>  static void close_ns(int ns_fd[LXC_NS_MAX]) {
>  	int i;
>  
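Review bot: `alloca(len+1)` in print_top_failing_dir sizes a stack allocation from the caller's path length with no upper bound, and alloca cannot report failure, so an overlong path would run off the stack rather than be rejected. With this commit the argument becomes handler->lxcpath, which presumably can originate from user-supplied configuration or the command line. A fixed buffer with an explicit length check is safer: declare `char copy[MAXPATHLEN];` and bail out with `if (len >= sizeof(copy)) return;` before the `strcpy`. MAXPATHLEN is used in conf.c; whether start.c has it in scope is not visible here.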
> @@ -592,6 +617,11 @@ static int do_start(void *data)
>  		}
>  	}
>  
> +	if (access(handler->lxcpath, R_OK)) {
> +		print_top_failing_dir(handler->lxcpath);
> +		goto out_warn_father;
> +	}
> +
>  	#if HAVE_SYS_CAPABILITY_H
>  	if (handler->conf->need_utmp_watch) {
>  		if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
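Review bot: When `access(handler->lxcpath, R_OK)` fails on lxcpath itself rather than on a parent directory, the start aborts through `goto out_warn_father` without logging anything. This is because print_top_failing_dir returns at `if (p >= e)` before testing the last path component, unless the path ends in a slash. Logging in the caller before the helper runs would cover that case, e.g. `SYSERROR("could not access %s", handler->lxcpath);`. access() tests the real uid/gid and is only a point-in-time hint, so this check should stay a diagnostic and later opens under lxcpath must still handle failure themselves. do_start's body and the out_warn_father label lie outside the hunk.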
> -- 
> 1.9.rc1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com