proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-09 09:35:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lxc-create: support unpriv users

Browse Source 
Just make sure we are root if we are asked to deal with something other
than a directory, and make sure we have permission to create the
container in the given lxcpath.

The templates will need much more work.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Serge Hallyn 2013-05-08 20:25:06 -05:00
parent 5be56973e5
commit 460bcbd85c
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/lxc/lxc_create.c
View File

@ -171,13 +171,6 @@ int main(int argc, char *argv[])
struct bdev_specs spec; struct bdev_specs spec;
int flags = 0; int flags = 0;
/* this is a short term test. We'll probably want to check for
* write access to lxcpath instead */
if (geteuid()) {
fprintf(stderr, "%s must be run as root\n", argv[0]);
exit(1);
}
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
@ -191,6 +184,18 @@ int main(int argc, char *argv[])
if (!validate_bdev_args(&my_args)) if (!validate_bdev_args(&my_args))
exit(1); exit(1);
if (geteuid()) {
if (access(my_args.lxcpath[0], O_RDWR) < 0) {
fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
exit(1);
}
if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype, "_unset")) {
fprintf(stderr, "Unprivileged users can only create directory backed containers\n");
exit(1);
}
}
c = lxc_container_new(my_args.name, my_args.lxcpath[0]); c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
if (!c) { if (!c) {
fprintf(stderr, "System error loading container\n"); fprintf(stderr, "System error loading container\n");