Add read permission checking for the container

From: Daniel Lezcano <dlezcano@fr.ibm.com> When an user tries to look at the pids or network information belonging to a container not owned by the user. The command silently fails, I changed that to check the read permission, display an error and exit. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add read permission checking for the container
526e288e · dlezcano · 4bbb9c57 · 526e288e · 526e288e
Commit 526e288e authored Nov 25, 2008 by dlezcano
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 4 deletions

lxc-netstat.in src/lxc/lxc-netstat.in +8 -4

lxc-ps.in src/lxc/lxc-ps.in +5 -0

No files found.
--- a/src/lxc/lxc-netstat.in
+++ b/src/lxc/lxc-netstat.in
@@ -30,10 +30,15 @@ if [ ! -d $lxcpath/$name ]; then
    exit 1
 fi

+if [ ! -r $lxcpath/$name ]; then
+    echo "Can not access '$name': permission denied"
+    exit 1
+fi
+
 if [ ! -f $lxcpath/$name/init ]; then
    exit 0
 fi

-initpid=$(cat $lxcpath/$name/init)
-
-mount --bind /proc/$initpid/net /proc/$$/net && exec netstat $*
\ No newline at end of file
+initpid=$(cat $lxcpath/$name/init) && \
+    mount --bind /proc/$initpid/net /proc/$$/net && \
+    exec netstat $*
--- a/src/lxc/lxc-ps.in
+++ b/src/lxc/lxc-ps.in
@@ -30,6 +30,11 @@ if [ ! -d $lxcpath/$name ]; then
    exit 1
 fi

+if [ ! -r $lxcpath/$name ]; then
+    echo "Can not access '$name', permission denied"
+    exit 1
+fi
+
 if [ -h $lxcpath/$name/nsgroup ]; then
    ps $* -p $(cat $lxcpath/$name/nsgroup/tasks)
 fi