proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 21:26:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check for access to lxcpath

Browse Source 
The previous check for access to rootfs->path failed in the case of
overlayfs or loop backign stores.  Instead just check early on for
access to lxcpath.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This commit is contained in:
Serge Hallyn 2014-02-11 22:20:03 -06:00 committed by Stéphane Graber
parent 8b605e2305
commit c8154066e8
2 changed files with 30 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/lxc/conf.c
View File

@ -753,31 +753,6 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
return 0; return 0;
} }
static void print_top_failing_dir(const char *path)
{
size_t len = strlen(path);
char *copy = alloca(len+1), *p, *e, saved;
strcpy(copy, path);
p = copy;
e = copy + len;
while (p < e) {
while (p < e && *p == '/') p++;
while (p < e && *p != '/') p++;
if (p >= e)
return;
saved = *p;
*p = '\0';
if (access(copy, X_OK)) {
SYSERROR("could not access %s. Please grant it 'x' " \
"access, or add an ACL for the container root.",
copy);
return;
}
*p = saved;
}
}
static int mount_rootfs(const char *rootfs, const char *target, const char *options) static int mount_rootfs(const char *rootfs, const char *target, const char *options)
{ {
char absrootfs[MAXPATHLEN]; char absrootfs[MAXPATHLEN];
@ -1571,11 +1546,6 @@ static int setup_rootfs(struct lxc_conf *conf)
return -1; return -1;
} }
if (access(rootfs->path, R_OK)) {
print_top_failing_dir(rootfs->path);
return -1;
}
if (detect_shared_rootfs()) { if (detect_shared_rootfs()) {
if (chroot_into_slave(conf)) { if (chroot_into_slave(conf)) {
ERROR("Failed to chroot into slave /"); ERROR("Failed to chroot into slave /");

30
src/lxc/start.c
View File

@ -83,6 +83,31 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
[LXC_NS_NET] = {"net", CLONE_NEWNET} [LXC_NS_NET] = {"net", CLONE_NEWNET}
}; };
static void print_top_failing_dir(const char *path)
{
size_t len = strlen(path);
char *copy = alloca(len+1), *p, *e, saved;
strcpy(copy, path);
p = copy;
e = copy + len;
while (p < e) {
while (p < e && *p == '/') p++;
while (p < e && *p != '/') p++;
if (p >= e)
return;
saved = *p;
*p = '\0';
if (access(copy, X_OK)) {
SYSERROR("could not access %s. Please grant it 'x' " \
"access, or add an ACL for the container root.",
copy);
return;
}
*p = saved;
}
}
static void close_ns(int ns_fd[LXC_NS_MAX]) { static void close_ns(int ns_fd[LXC_NS_MAX]) {
int i; int i;
@ -592,6 +617,11 @@ static int do_start(void *data)
} }
} }
if (access(handler->lxcpath, R_OK)) {
print_top_failing_dir(handler->lxcpath);
goto out_warn_father;
}
#if HAVE_SYS_CAPABILITY_H #if HAVE_SYS_CAPABILITY_H
if (handler->conf->need_utmp_watch) { if (handler->conf->need_utmp_watch) {
if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) { if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {