Give the ability to non-root user to play with the containers. This feature

configure.in

 #                                               -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([lxc], [0.3.0])
+AC_INIT([lxc], [0.4.0])
 
 AC_CONFIG_SRCDIR([configure.in])
 AC_CONFIG_AUX_DIR([config])
@@ -12,6 +12,8 @@ AC_PROG_RANLIB
 AM_PROG_CC_C_O
 AC_GNU_SOURCE
 AC_PROG_LIBTOOL
+AC_CHECK_PROG(SETCAP, setcap, yes, no, "/usr/sbin")
+
 AC_CHECK_HEADERS([linux/netlink.h linux/genetlink.h], [], AC_MSG_ERROR([netlink headers not found]),
 [#include <linux/types.h>
 #include <bits/sockaddr.h>
@@ -29,7 +31,7 @@ AC_CONFIG_FILES([
         src/Makefile
 	src/lxc/Makefile
 	src/lxc/lxc-ps
-	src/lxc/lxc-checkconfig
+	src/lxc/lxc-checkconfig	
 	etc/Makefile
 	etc/lxc-macvlan.conf
 	etc/lxc-no-netns.conf
@@ -41,3 +43,32 @@ AC_CONFIG_FILES([
 ])
 AC_CONFIG_COMMANDS([default],[[]],[[]])
 AC_OUTPUT
+
+if test "x$SETCAP" = "xno"; then
+   AC_MSG_NOTICE([ 
+
+Warning:
+--------
+
+The libcap-2 is not installed. That means the tools to
+set the privilege for the lxc commands are not available
+and you will need to run these commands as root
+
+])
+
+else
+
+   AC_MSG_NOTICE([ 
+
+Advice:
+-------
+
+When installing the tools, it is adviced to install as
+root, so the privilege for the commands will be set and
+they will be usable by non-root user
+
+    make && sudo make install
+
+])
+
+fi

lxc.spec.in

@@ -50,16 +50,26 @@ Source:	%name/%name-%version.tar.gz
 BuildRoot: %_tmppath/%name-%version-root
 
 %description
-%name is a set of command line to manage containers
+
+The package "%name" provides the command lines to create and manage
+containers.  It contains a full featured container with the isolation
+/ virtualization of the pids, the ipc, the utsname, the mount points,
+/proc, /sys, the network and it takes into account the control groups.
+It is very light, flexible, and provides a set of tools around the
+container like the monitoring with asynchronous events notification,
+or the freeze of the container. This package is useful to create
+Virtual Private Server, or to run isolated applications like bash or
+sshd.
 
 %package devel
 Release:        %{rel}
 Summary: development library for %{name}
+Requires: libcap
 Group: Application/System
 
 %description devel
-The %{name}-devel package contains header files and library needed for development
-of containers
+The %{name}-devel package contains header files and library needed for
+development of containers
 
 %prep
 %setup -q
@@ -72,12 +82,32 @@ make -j$ncpus
 
 %install
 rm -rf %{buildroot}
+
 %makeinstall
 
 %clean
 rm -rf %{buildroot}
 
 %post
+if [ -d /var/lxc ]; then
+    for i in $(ls -1 /var/lxc); do
+	chmod -fR go-rwx /var/lxc/$i
+    done
+    mv /var/lxc /var/lxc.rpm-$$
+fi
+
+mkdir -p /var/lxc
+
+if [ -d /var/lxc.rpm-$$ ]; then
+    for i in $(ls -1 /var/lxc.rpm-$$); do
+	cp -a /var/lxc.rpm-$$/$i /var/lxc
+    done
+fi
+
+chmod ugo+w /var/lxc
+
+setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-execute
+setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-start
 
 %files
 %defattr(-,root,root)
@@ -94,28 +124,6 @@ rm -rf %{buildroot}
 
 %changelog
 
-* Thu Oct 9 2008 Daniel Lezcano <dlezcano@fr.ibm.com> - Version 0;3.0
-- Added checkpoint/restart API and CLI
-- Added cgroup support
-- Misc fixes - Details in Changelog file
-
-* Wed Sep 10 2008 Daniel Lezcano <dlezcano@fr.ibm.com> - Version 0.2.1
-- Added lxc-wait command line
-- Added tty support for lxc-start
-- Fixed rootfs absolute directory
-- Improved system containers
-
-* Fri Sep 5 2008 Daniel Lezcano <dlezcano@fr.ibm.com> - Version 0.2.0
-- Fix typos in README
-- Added empty container configuration
-- Added empty network container configuration
-- Added bind option for mount configuration
-- Merged lxc and liblxc directories
-- Changed monitoring mechanism
-- Fixed child process should exit instead of returning on error
-- Fixed lxc.h headers can be included in C++ code
-- A lot of code cleanup and improvements
-
 * Sun Aug 3 2008 Daniel Lezcano <dlezcano@fr.ibm.com> - Version 0.1.0
 - Initial RPM release.
 

src/lxc/Makefile.am

@@ -111,3 +111,18 @@ lxc_restart_LDADD = liblxc.la
 
 lxc_version_SOURCES = lxc_version.c
 lxc_version_LDADD = liblxc.la
+
+install-exec-local:
+	-@/usr/sbin/setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep $(bindir)/lxc-execute 2>&1 > /dev/null && \
+	/usr/sbin/setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep $(bindir)/lxc-start && \
+	mkdir -p $(prefix)/var/lxc && \
+	chmod ugo+rw $(prefix)/var/lxc || \
+	(echo && echo && \
+	 echo "*****************************************************************" && \
+	 echo "*                                                               *" && \
+	 echo "* The installation failed to set file capabilities, that is ok, *" && \
+	 echo "* but you won't have enough privilege to run the 'lxc' commands *" && \
+	 echo "* and you will need to run them as 'root' yourself.             *" && \
+	 echo "*                                                               *" && \
+	 echo "*****************************************************************" && \
+	 echo && echo)
\ No newline at end of file

src/lxc/destroy.c

@@ -31,25 +31,6 @@
 
 #include <lxc/lxc.h>
 
-static int dir_filter(const struct dirent *dirent)
-{
-	if (!strcmp(dirent->d_name, ".") ||
-            !strcmp(dirent->d_name, ".."))
-                return 0;
-        return 1;
-}
-
-static int is_empty_directory(const char *dirname)
-{
-	struct dirent **namelist;
-	int n;
-
-	n = scandir(dirname, &namelist, dir_filter, alphasort);
-	if (n < 0)
-		lxc_log_syserror("failed to scan %s directory", dirname);
-	return n == 0;
-}
-
 static int remove_lxc_directory(const char *dirname)
 {
 	char path[MAXPATHLEN];
@@ -61,13 +42,6 @@ static int remove_lxc_directory(const char *dirname)
 		return -1;
 	}
 
-	if (is_empty_directory(LXCPATH)) {
-		if (rmdir(LXCPATH)) {
-			lxc_log_syserror("failed to remove %s directory", LXCPATH);
-			return -1;
-		}
-	}
-
 	return 0;
 }