[lxc-devel] [lxd/master] lxd/init: Require root for interactive cluster join

stgraber on Github lxc-bot at linuxcontainers.org
Mon Apr 16 16:18:23 UTC 2018


From a2690c8160bb1f672b7eb048f2f5c4509f9bfb83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 16 Apr 2018 18:17:48 +0200
Subject: [PATCH] lxd/init: Require root for interactive cluster join
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #4451

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/main_init_interactive.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 14d9b519f..311b1968d 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -135,6 +135,11 @@ func (c *cmdInit) askClustering(config *initData, d lxd.ContainerServer) error {
 				break
 			}
 
+			// Root is required to access the certificate files
+			if os.Geteuid() != 0 {
+				return fmt.Errorf("Joining an existing cluster requires root privileges")
+			}
+
 			// Confirm wiping
 			if !cli.AskBool("All existing data is lost when joining a cluster, continue? (yes/no) [default=no] ", "no") {
 				return fmt.Errorf("User aborted configuration")
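
Review bot: The added `if os.Geteuid() != 0` test stands in for the real requirement given in the comment above it (being able to read the certificate files), but the error string returned to the user, "Joining an existing cluster requires root privileges", does not say why. Consider carrying the reason into the message, for example by stating that root is needed to read the server certificate, so that someone running `lxd init` unprivileged understands what access is missing. Effective UID 0 is also only a proxy for file access, so an alternative is to attempt to open the certificate files and return that error directly. Placing the check ahead of the "Confirm wiping" prompt is the right order, since the command then fails before the user is asked to agree to data loss. The diffstat shows five insertions in this single hunk and no import change, so please confirm that `os` is already imported in main_init_interactive.go.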

