better check for lock dir

Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index dbe2e810b6342e37e84e492e86aea63f7858f8ed..97892ad1e9bd77a5aaf18808ac68942efb7fbb9f 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -214,8 +214,13 @@ char *get_rundir()
 {
        char *rundir;
        const char *homedir;
+       struct stat sb;
+
+       if (stat(RUNTIME_PATH, &sb) < 0) {
+               return NULL;
+       }
 
-       if (geteuid() == 0) {
+       if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
                rundir = strdup(RUNTIME_PATH);
                return rundir;
        }