better check for lock dir

Consider the case where we're running in a user namespace but in the host's mount ns with the host's filesystem (something like lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we can't actually write to /run. Let's improve this locking check to make sure we can actually write to /run before we decide to actually use it as our locking dir. Signed-off-by: Tycho Andersen <tycho@tycho.ws>

better check for lock dir
02b05b04 · Tycho Andersen · Christian Brauner · a48622d8 · 02b05b04
Unverified Commit 02b05b04 authored Jan 26, 2018 by Tycho Andersen Committed by Christian Brauner Feb 07, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

utils.c src/lxc/utils.c +6 -1

No files found.
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -214,8 +214,13 @@ char *get_rundir()
 {
 	char *rundir;
 	const char *homedir;
+	struct stat sb;
+	if (stat(RUNTIME_PATH, &sb) < 0) {
+		return NULL;
+	}
-	if (geteuid() == 0) {
+	if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
 		rundir = strdup(RUNTIME_PATH);
 		return rundir;
 	}