[lxc-devel] [lxc/lxc] 9fbe07: lxccontainer: do not display if missing privileges
Christian Brauner
noreply at github.com
Fri May 10 19:20:22 UTC 2019
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 9fbe07f68da62c90ff849eb1e2d59396d2a9672f
https://github.com/lxc/lxc/commit/9fbe07f68da62c90ff849eb1e2d59396d2a9672f
Author: Rachid Koucha <47061324+Rachid-Koucha at users.noreply.github.com>
Date: 2019-05-10 (Fri, 10 May 2019)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
lxccontainer: do not display if missing privileges
lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:
$ lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr - 0 - - - false
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.51 - false
After this change:
$ lxc-ls -P /.../tests -f <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.37 - false
$
Signed-off-by: Rachid Koucha <rachid.koucha at gmail.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: e269d99b026cc400a8b7137c3427d6985b85ae91
https://github.com/lxc/lxc/commit/e269d99b026cc400a8b7137c3427d6985b85ae91
Author: Christian Brauner <christian at brauner.io>
Date: 2019-05-10 (Fri, 10 May 2019)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
Merge pull request #2996 from brauner/Rachid-Koucha-patch-10
lxccontainer: do not display if missing privileges
Compare: https://github.com/lxc/lxc/compare/792ea4004239...e269d99b026c
More information about the lxc-devel
mailing list