git.ipfire.org Git - thirdparty/lxc.git/commit

lxccontainer: do not display if missing privileges

lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:

$ lxc-ls -P /.../tests -f
NAME     STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr -     0         -      -    -    false
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.51 -    false

After this change:

$ lxc-ls -P /.../tests -f      <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.37 -    false
$

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Rachid Koucha <47061324+Rachid-Koucha@users.noreply.github.com>
	Fri, 10 May 2019 16:56:12 +0000 (18:56 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Sat, 18 May 2019 09:53:51 +0000 (11:53 +0200)
commit	cd2ca8a1ddaf919cd00a9288f3014b171a8f6449
tree	c2417f8bb0b94e30c0da974565b49756e7a54b41	tree \| snapshot
parent	46dde5277ca0b4bd22f664eea87713ccb8163e87	commit \| diff