Commit f5abd74d by Stéphane Graber Committed by Serge Hallyn

Improve behaviour for unprivileged users

This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return "Insufficient privileges" on failure.

NOTE: I didn't test every single one of those but I'm fairly confident in my copy/paste abilities and I confirmed they all build fine at least.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
parent 17232fef
...@@ -188,6 +188,9 @@ int main(int argc, char *argv[]) ...@@ -188,6 +188,9 @@ int main(int argc, char *argv[])
if (ret) if (ret)
return ret; return ret;
if (!my_args.log_file)
my_args.log_file = "none";
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]); my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret) if (ret)
......
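Review bot: The `"none"` assigned to `my_args.log_file` is an unexplained sentinel, and the same two lines are pasted into every tool's main() on this page. A one-line comment taken from the commit message would help, e.g. `/* no logfile by default: only start/stop/restart/execute write to the container's log */`. Presumably `lxc_log_init()` treats the string as "no file"; that is not visible here and should be confirmed. Setting the default once where the arguments are parsed, rather than per tool, would stop a new tool from forgetting it, though this hunk does not show whether `lxc_arguments_parse` is the right place. main() starts and ends outside the hunk.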
...@@ -70,6 +70,9 @@ int main(int argc, char *argv[]) ...@@ -70,6 +70,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
return -1; return -1;
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1; return -1;
...@@ -79,6 +82,12 @@ int main(int argc, char *argv[]) ...@@ -79,6 +82,12 @@ int main(int argc, char *argv[])
c = lxc_container_new(my_args.name, my_args.lxcpath[0]); c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
if (!c) if (!c)
return -1; return -1;
if (!c->may_control(c)) {
ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
return -1;
}
if (!c->is_running(c)) { if (!c->is_running(c)) {
ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name); ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name);
lxc_container_put(c); lxc_container_put(c);
......
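Review bot: The new `may_control()` failure branch returns without releasing `c`, while the `is_running()` branch directly below calls `lxc_container_put(c)` before bailing out; add `lxc_container_put(c);` ahead of `return -1;`. The message also misspells the word the commit description uses: `"Insufficent"` should be `"Insufficient"`, which matters to anyone searching stderr or logs for denied attempts. Both points apply to the other `may_control()` branches on this page that `return -1` (the `c1` one, the freeze and unfreeze ones, the `c->wait` one and the remaining `fprintf` ones). The spelling also applies to the branch that uses `goto out`. main() continues outside the hunk.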
...@@ -115,6 +115,9 @@ int main(int argc, char *argv[]) ...@@ -115,6 +115,9 @@ int main(int argc, char *argv[])
if (ret) if (ret)
return ret; return ret;
if (!my_args.log_file)
my_args.log_file = "none";
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]); my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret) if (ret)
......
...@@ -160,6 +160,12 @@ int main(int argc, char *argv[]) ...@@ -160,6 +160,12 @@ int main(int argc, char *argv[])
c1 = lxc_container_new(orig, lxcpath); c1 = lxc_container_new(orig, lxcpath);
if (!c1) if (!c1)
exit(1); exit(1);
if (!c1->may_control(c1)) {
fprintf(stderr, "Insufficent privileges to control %s\n", orig);
return -1;
}
if (!c1->is_defined(c1)) { if (!c1->is_defined(c1)) {
fprintf(stderr, "Error: container %s is not defined\n", orig); fprintf(stderr, "Error: container %s is not defined\n", orig);
lxc_container_put(c1); lxc_container_put(c1);
......
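Review bot: `return -1` from main() in the new branch gives exit status 255, while the `!c1` check immediately above uses `exit(1)`. A wrapper script therefore sees a different status for "denied" than for every other early failure in this tool, without that being documented as intentional. Using `exit(1);` here keeps the section consistent. The same mix appears in the sections whose neighbouring checks use `exit(EXIT_FAILURE)` or `exit(1)`. main() continues outside the hunk.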
...@@ -97,6 +97,9 @@ int main(int argc, char *argv[]) ...@@ -97,6 +97,9 @@ int main(int argc, char *argv[])
if (ret) if (ret)
return EXIT_FAILURE; return EXIT_FAILURE;
if (!my_args.log_file)
my_args.log_file = "none";
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]); my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret) if (ret)
...@@ -108,6 +111,11 @@ int main(int argc, char *argv[]) ...@@ -108,6 +111,11 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
return -1;
}
if (!c->is_running(c)) { if (!c->is_running(c)) {
fprintf(stderr, "%s is not running\n", my_args.name); fprintf(stderr, "%s is not running\n", my_args.name);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
......
...@@ -174,6 +174,9 @@ int main(int argc, char *argv[]) ...@@ -174,6 +174,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1); exit(1);
......
...@@ -74,6 +74,9 @@ int main(int argc, char *argv[]) ...@@ -74,6 +74,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1); exit(1);
...@@ -84,6 +87,11 @@ int main(int argc, char *argv[]) ...@@ -84,6 +87,11 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
return -1;
}
if (!c->is_defined(c)) { if (!c->is_defined(c)) {
fprintf(stderr, "Container is not defined\n"); fprintf(stderr, "Container is not defined\n");
lxc_container_put(c); lxc_container_put(c);
......
...@@ -59,6 +59,9 @@ int main(int argc, char *argv[]) ...@@ -59,6 +59,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1); exit(1);
...@@ -69,6 +72,11 @@ int main(int argc, char *argv[]) ...@@ -69,6 +72,11 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
if (!c->may_control(c)) {
ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
return -1;
}
if (!c->freeze(c)) { if (!c->freeze(c)) {
ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name); ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name);
lxc_container_put(c); lxc_container_put(c);
......
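Review bot: Nothing in this hunk says whether `may_control()` is an authorization decision or a convenience pre-check, and the difference matters before a state-changing call like `c->freeze(c)`. If it is only a client-side probe, enforcement has to live behind `freeze()` itself, so that a caller who bypasses this tool is still refused there. Neither implementation is on this page. A comment such as `/* early, readable failure only; access is enforced when the request is made */` would keep a later reader from treating this check as the security boundary. Confirm the wording against the `may_control` implementation before adding it.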
...@@ -96,6 +96,9 @@ int main(int argc, char *argv[]) ...@@ -96,6 +96,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
return -1; return -1;
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1; return -1;
...@@ -104,6 +107,11 @@ int main(int argc, char *argv[]) ...@@ -104,6 +107,11 @@ int main(int argc, char *argv[])
if (!c) if (!c)
return -1; return -1;
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
return -1;
}
if (!state && !pid && !ips && keys <= 0) if (!state && !pid && !ips && keys <= 0)
state = pid = ips = true; state = pid = ips = true;
......
...@@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[]) ...@@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[])
if (ret) if (ret)
return ret; return ret;
if (!my_args.log_file)
my_args.log_file = "none";
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]); my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret) if (ret)
......
...@@ -67,6 +67,9 @@ int main(int argc, char *argv[]) ...@@ -67,6 +67,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
return -1; return -1;
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1; return -1;
......
...@@ -160,6 +160,9 @@ int main(int argc, char *argv[]) ...@@ -160,6 +160,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
if (!my_args.log_file)
my_args.log_file = "none";
if (my_args.argc > 1) { if (my_args.argc > 1) {
ERROR("Too many arguments"); ERROR("Too many arguments");
return -1; return -1;
...@@ -184,6 +187,11 @@ int main(int argc, char *argv[]) ...@@ -184,6 +187,11 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
return -1;
}
switch(action) { switch(action) {
case DO_SNAP: case DO_SNAP:
ret = do_snapshot(c); ret = do_snapshot(c);
......
...@@ -145,6 +145,11 @@ int main(int argc, char *argv[]) ...@@ -145,6 +145,11 @@ int main(int argc, char *argv[])
goto out; goto out;
} }
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
goto out;
}
if (!c->is_running(c)) { if (!c->is_running(c)) {
fprintf(stderr, "%s is not running\n", c->name); fprintf(stderr, "%s is not running\n", c->name);
ret = 2; ret = 2;
......
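Review bot: The new branch jumps to `out` without assigning `ret`, unlike the `is_running()` branch below it, which sets `ret = 2` first. The exit status for a denied caller is therefore whatever `ret` holds at that point, and its initial value is outside the hunk; if that is 0 the tool would report success after refusing. Setting it explicitly, e.g. `ret = 1;` before `goto out;`, removes the dependence on code that is not visible here.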
...@@ -58,6 +58,9 @@ int main(int argc, char *argv[]) ...@@ -58,6 +58,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
exit(1); exit(1);
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
exit(1); exit(1);
...@@ -68,6 +71,11 @@ int main(int argc, char *argv[]) ...@@ -68,6 +71,11 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
if (!c->may_control(c)) {
ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
return -1;
}
if (!c->unfreeze(c)) { if (!c->unfreeze(c)) {
ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name); ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name);
lxc_container_put(c); lxc_container_put(c);
......
...@@ -85,6 +85,9 @@ int main(int argc, char *argv[]) ...@@ -85,6 +85,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv)) if (lxc_arguments_parse(&my_args, argc, argv))
return -1; return -1;
if (!my_args.log_file)
my_args.log_file = "none";
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0])) my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1; return -1;
...@@ -93,6 +96,11 @@ int main(int argc, char *argv[]) ...@@ -93,6 +96,11 @@ int main(int argc, char *argv[])
if (!c) if (!c)
return -1; return -1;
if (!c->may_control(c)) {
fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
return -1;
}
if (!c->wait(c, my_args.states, my_args.timeout)) { if (!c->wait(c, my_args.states, my_args.timeout)) {
lxc_container_put(c); lxc_container_put(c);
return -1; return -1;
......