Skip to content

L
lxc
Commit d8cc9804 by Michel Normand Committed by Daniel Lezcano
Options

accept commands from root

Commands should be accepted when they are coming from root. Signed-off-by: 's avatarDaniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: 's avatarMichel Normand <normand@fr.ibm.com>
parent 2dcb28a9
Showing with 2 additions and 2 deletions
src/lxc/af_unix.c
...@@ -237,9 +237,9 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size) ...@@ -237,9 +237,9 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_CREDENTIALS) { cmsg->cmsg_type == SCM_CREDENTIALS) {
cred = *((struct ucred *) CMSG_DATA(cmsg)); cred = *((struct ucred *) CMSG_DATA(cmsg));
if (cred.uid != getuid() || cred.gid != getgid()) { if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
INFO("message denied for '%d/%d'", cred.uid, cred.gid); INFO("message denied for '%d/%d'", cred.uid, cred.gid);
return -EPERM; return -EACCES;
} }
} }
out: out:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment