git.ipfire.org Git - thirdparty/lxc.git/commit

lxccontainer: do not display if missing privileges

lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:

$ lxc-ls -P /.../tests -f
NAME     STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr -     0         -      -    -    false
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.51 -    false

After this change:

$ lxc-ls -P /.../tests -f      <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.37 -    false
$

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Rachid Koucha <47061324+Rachid-Koucha@users.noreply.github.com>
	Fri, 10 May 2019 16:56:12 +0000 (18:56 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Fri, 10 May 2019 19:02:17 +0000 (21:02 +0200)
commit	9fbe07f68da62c90ff849eb1e2d59396d2a9672f
tree	35adbd39bab1610341be69d84eada0b7c64ab279	tree
parent	792ea40042390afe2cfb098875942d2e1bb969c5	commit \| diff