lxc_start: exit early if insufficient privs in daemon mode

Starting a container with insufficient privilege (correctly) fails during lxc_init. However, if starting a daemonized container, we daemonize before we get to that check. Therefore while the container will fail to start, and the logfile will show this, the 'lxc-start -n x -d' command will return success. For ease of scripting, do a check for the required privilege before we exit. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc_start: exit early if insufficient privs in daemon mode
b4df0a1e · Serge Hallyn · Stéphane Graber · 06f5c632 · b4df0a1e
Commit b4df0a1e authored Aug 21, 2012 by Serge Hallyn Committed by Stéphane Graber Oct 25, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

lxc_start.c src/lxc/lxc_start.c +13 -3

No files found.
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -199,9 +199,19 @@ int main(int argc, char *argv[])
 		free(console);
 	}
-	if (my_args.daemonize && daemon(0, 0)) {
+	if (my_args.daemonize) {
-		SYSERROR("failed to daemonize '%s'", my_args.name);
+		/* do an early check for needed privs, since otherwise the
-		return err;
+		 * user won't see the error */
+		if (!lxc_caps_check()) {
+			ERROR("Not running with sufficient privilege");
+			return err;
+		}
+		if (daemon(0, 0)) {
+			SYSERROR("failed to daemonize '%s'", my_args.name);
+			return err;
+		}
 	}
 	if (my_args.close_all_fds)