[lxc-devel] [lxc/master] tools: block using lxc-execute without config file

brauner on Github lxc-bot at linuxcontainers.org
Tue Dec 12 00:43:33 UTC 2017


From d8a51da12e7a5f55067ab2ca68e5f53eeb28d987 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 12 Dec 2017 01:38:40 +0100
Subject: [PATCH] tools: block using lxc-execute without config file

Moving away from internal symbols we can't do hacks like we currently do
in lxc-start and call internal functions like lxc_conf_init(). This is unsafe
anyway. Instead, we should simply error out if the user didn't give us a
configuration file to use. lxc-start refuses to start in that case already.

Relates to discussion in https://github.com/lxc/go-lxc/pull/96#discussion_r155075560 .
Closes #2023.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/tools/lxc_execute.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lxc/tools/lxc_execute.c b/src/lxc/tools/lxc_execute.c
index 9af00886c..f94393e14 100644
--- a/src/lxc/tools/lxc_execute.c
+++ b/src/lxc/tools/lxc_execute.c
@@ -163,6 +163,12 @@ int main(int argc, char *argv[])
 		}
 	}
 
+	if (!c->lxc_conf) {
+		fprintf(stderr, "Executing a container with no configuration file may crash the host\n");
+		lxc_container_put(c);
+		exit(EXIT_FAILURE);
+	}
+
 	if (my_args.argc == 0) {
 		if (!set_argv(c->lxc_conf, &my_args)) {
 			fprintf(stderr, "missing command to execute!\n");
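
Review bot: The message printed in the new `!c->lxc_conf` branch ("Executing a container with no configuration file may crash the host") describes a risk rather than the error the user actually hit, so someone who simply forgot the config file gets no hint about what to fix. Suggest saying that no configuration was loaded and that lxc-execute requires one, in the same direct style as the neighbouring "missing command to execute!" message. The diffstat touches only src/lxc/tools/lxc_execute.c, so the new refusal is also undocumented; since this changes behaviour for existing callers, a line in the tool's documentation would be worth adding in the same patch.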