proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-07 07:50:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

better check for lock dir

Browse Source 
Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
This commit is contained in:
Tycho Andersen 2018-01-26 17:43:12 +00:00
parent 3fdb1cf431
commit 9650c735c7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/lxc/utils.c
View File

@ -245,8 +245,13 @@ char *get_rundir()
{ {
char *rundir; char *rundir;
const char *homedir; const char *homedir;
struct stat sb;
if (geteuid() == 0) { if (stat(RUNTIME_PATH, &sb) < 0) {
return NULL;
}
if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
rundir = strdup(RUNTIME_PATH); rundir = strdup(RUNTIME_PATH);
return rundir; return rundir;
} }