Add sys admin capabilty to lxc-netstat to mount /proc/net

From: Daniel Lezcano <dlezcano@fr.ibm.com> Add sys admin capability to lxc-netstat to mount /proc/net. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2025-08-02 23:04:52 +00:00 · 2008-11-26 17:32:16 +00:00 · 2008-11-26 17:32:16 +00:00 · 13832f48ed
commit 13832f48ed
parent a6b2670f6c
2 changed files with 35 additions and 14 deletions
--- a/lxc.spec.in
+++ b/lxc.spec.in
@ -77,7 +77,7 @@ development of containers
 %build

 # I don't understand why but I have to specify this prefix :(
-%configure --prefix=/ $args
+%configure $args %{confargs} --prefix=/

 ncpus=`egrep -c "^cpu[0-9]+" /proc/stat || :`
 make -j$ncpus
@ -123,10 +123,18 @@ if [ $RES != 0 ]; then
    echo -e "\t* and reinstall lxc                                *"
    echo -e "\t****************************************************"
 else
-setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-execute && \
-setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-start && \
-setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-restart && \
-setcap cap_sys_admin=ep %{_bindir}/lxc-init 
+setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-execute && \
+setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-start && \
+setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-restart && \
+setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+    %{_bindir}/lxc-unshare && \
+setcap cap_sys_admin=ep \
+    %{_bindir}/lxc-init &&
+setcap cap_sys_admin=ep \
+    %{_bindir}/lxc-netstat
 fi


--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@ -24,7 +24,6 @@ liblxc_la_SOURCES = \
 	version.c \
 	error.h error.c \
 	cgroup.c cgroup.h \
-	cr_plugin_columbia.c \
 	lxc.h \
 	lxc_utils.h \
 	lxc_lock.c lxc_lock.h \
@ -37,17 +36,20 @@ liblxc_la_SOURCES = \
 	network.c network.h \
        nl.c nl.h \
        rtnl.c rtnl.h \
-        genl.c genl.h
+        genl.c genl.h \
+	\
+	cr_plugin_columbia.c lxc_plugin.h

 liblxc_la_LDFLAGS = -release @PACKAGE_VERSION@

 bin_SCRIPTS = \
 	lxc-ps \
-	lxc-ls \
 	lxc-netstat \
+	lxc-ls \
 	lxc-checkconfig

 bin_PROGRAMS = \
+	lxc-unshare \
 	lxc-init \
 	lxc-create \
 	lxc-destroy \
@ -65,6 +67,9 @@ bin_PROGRAMS = \
 	lxc-restart \
 	lxc-version

+lxc_unshare_SOURCES = lxc_unshare.c
+lxc_unshare_LDADD = liblxc.la
+
 lxc_init_SOURCES = lxc_init.c
 lxc_init_LDADD = liblxc.la

@ -115,12 +120,20 @@ lxc_version_LDADD = liblxc.la

 install-exec-local:
 	-@export PATH=$$PATH:/sbin:/usr/sbin && \
-	 setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep $(bindir)/lxc-execute && \
-	setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep $(bindir)/lxc-start && \
-	setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep $(bindir)/lxc-restart && \
-	setcap cap_sys_admin=ep $(bindir)/lxc-init && \
-	mkdir -p $(prefix)/var/lxc && \
-	chmod ugo+rw $(prefix)/var/lxc || \
+	 setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		$(bindir)/lxc-execute && \
+	 setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		$(bindir)/lxc-start && \
+	 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		$(bindir)/lxc-restart && \
+	 setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep \
+		$(bindir)/lxc-unshare && \
+	 setcap cap_sys_admin=ep \
+		$(bindir)/lxc-init && \
+	 setcap cap_sys_admin=ep \
+		$(bindir)/lxc-netstat && \
+	 mkdir -p $(prefix)/var/lxc && \
+	 chmod ugo+rw $(prefix)/var/lxc || \
 	(echo && echo && \
 	 echo "*****************************************************************" && \
 	 echo "*                                                               *" && \