warn about insufficient permissions

With this patch, if an unprivileged user has $HOME 700 or 750 and does lxc-start -n c1 he'll see an error like: lxc_container: Permission denied - could not access /home/serge. Please grant it 'x' access, or add an ACL for t he container root. (This addresses bug pad.lv/1277466) Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

warn about insufficient permissions
bbd23aa0 · Serge Hallyn · Stéphane Graber · ffeb76b4 · bbd23aa0
Commit bbd23aa0 authored Feb 10, 2014 by Serge Hallyn Committed by Stéphane Graber Feb 10, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 0 deletions

conf.c src/lxc/conf.c +30 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,6 +753,31 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
 	return 0;
 }
+static void print_top_failing_dir(const char *path)
+{
+	size_t len = strlen(path);
+	char *copy = alloca(len+1), *p, *e, saved;
+	strcpy(copy, path);
+	p = copy;
+	e = copy + len;
+	while (p < e) {
+		while (p < e && *p == '/') p++;
+		while (p < e && *p != '/') p++;
+		if (p >= e)
+			return;
+		saved = *p;
+		*p = '\0';
+		if (access(copy, X_OK)) {
+			SYSERROR("could not access %s.  Please grant it 'x' " \
+			      "access, or add an ACL for the container root.",
+			      copy);
+			return;
+		}
+		*p = saved;
+	}
+}
 static int mount_rootfs(const char *rootfs, const char *target, const char *options)
 {
 	char absrootfs[MAXPATHLEN];
@@ -1546,6 +1571,11 @@ static int setup_rootfs(struct lxc_conf *conf)
 		return -1;
 	}
+	if (access(rootfs->path, R_OK)) {
+		print_top_failing_dir(rootfs->path);
+		return -1;
+	}
 	if (detect_shared_rootfs()) {
 		if (chroot_into_slave(conf)) {
 			ERROR("Failed to chroot into slave /");