From bbd23aa0bbfebcced16654b3920d73173f0c622c Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Mon, 10 Feb 2014 16:57:08 -0600 Subject: [PATCH] warn about insufficient permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch, if an unprivileged user has $HOME 700 or 750 and does lxc-start -n c1 he'll see an error like: lxc_container: Permission denied - could not access /home/serge. Please grant it 'x' access, or add an ACL for t he container root. (This addresses bug pad.lv/1277466) Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber
---
 src/lxc/conf.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 7ac1f0681..4e25432c4 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,6 +753,31 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
 return 0;
 }
 
+static void print_top_failing_dir(const char *path)
+{
+ size_t len = strlen(path);
+ char *copy = alloca(len+1), *p, *e, saved;
+ strcpy(copy, path);
+
+ p = copy;
+ e = copy + len;
+ while (p < e) {
+ while (p < e && *p == '/') p++;
+ while (p < e && *p != '/') p++;
+ if (p >= e)
+ return;
+ saved = *p;
+ *p = '\0';
+ if (access(copy, X_OK)) {
+ SYSERROR("could not access %s. Please grant it 'x' " \
+ "access, or add an ACL for the container root.",
+ copy);
+ return;
+ }
+ *p = saved;
+ }
+}
+
 static int mount_rootfs(const char *rootfs, const char *target, const char *options)
 {
 char absrootfs[MAXPATHLEN];
@@ -1546,6 +1571,11 @@ static int setup_rootfs(struct lxc_conf *conf)
 return -1;
 }
 
+ if (access(rootfs->path, R_OK)) {
+ print_top_failing_dir(rootfs->path);
+ return -1;
+ }
+
 if (detect_shared_rootfs()) {
 if (chroot_into_slave(conf)) {
 ERROR("Failed to chroot into slave /");
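Review bot: In print_top_failing_dir, the `if (p >= e) return;` exit fires as soon as the scan reaches the last path component, so the full path itself is never probed with access() and the function prints nothing when the rootfs directory, rather than one of its ancestors, is the entry that denies access. Dropping those two lines lets the final iteration test the whole string, since `saved` then simply holds the terminating NUL. Separately, `alloca(len+1)` sizes a stack buffer from the length of a path that presumably comes from container configuration; a guard such as `if (len >= MAXPATHLEN) return;` before the allocation would keep it bounded. A short comment above the function saying that it walks the path prefix by prefix and reports the first prefix lacking search permission would also help.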
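Review bot: In setup_rootfs, the new `access(rootfs->path, R_OK)` gate returns -1 without a message of its own, and the helper only reports ancestors that lack X_OK, so a failure for any other reason (path missing, rootfs directory itself unreadable) stops container start with nothing in the log. Logging at the call site first, e.g. `SYSERROR("failed to access rootfs '%s'", rootfs->path);`, would make every failure path visible. Note also that access() evaluates permissions against the real uid/gid and is only a pre-check, so the later mount remains the authoritative test; if this code can run with differing real and effective ids, the gate may reject a rootfs that the mount would have accepted. setup_rootfs starts and ends outside the hunk.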