From 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Wed, 8 May 2013 20:25:06 -0500 Subject: [PATCH] lxc-create: support unpriv users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just make sure we are root if we are asked to deal with something other than a directory, and make sure we have permission to create the container in the given lxcpath. The templates will need much more work. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- src/lxc/lxc_create.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c index bd08ea26f..ab5886bd9 100644 --- a/src/lxc/lxc_create.c +++ b/src/lxc/lxc_create.c @@ -171,13 +171,6 @@ int main(int argc, char *argv[]) struct bdev_specs spec; int flags = 0; - /* this is a short term test. We'll probably want to check for - * write access to lxcpath instead */ - if (geteuid()) { - fprintf(stderr, "%s must be run as root\n", argv[0]); - exit(1); - } - if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); @@ -191,6 +184,18 @@ int main(int argc, char *argv[]) if (!validate_bdev_args(&my_args)) exit(1); + if (geteuid()) { + if (access(my_args.lxcpath[0], O_RDWR) < 0) { + fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]); + exit(1); + } + if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype, "_unset")) { + fprintf(stderr, "Unprivileged users can only create directory backed containers\n"); + exit(1); + } + } + + c = lxc_container_new(my_args.name, my_args.lxcpath[0]); if (!c) { fprintf(stderr, "System error loading container\n");