Ensure non-root can read /proc/meminfo file in LXC containers

By default files in a FUSE mount can only be accessed by the
user which created them, even if the file permissions would
otherwise allow it. To allow other users to access the FUSE
mount the 'allow_other' mount option must be used. This bug
prevented non-root users in an LXC container from reading
the /proc/meminfo file.

https://bugzilla.redhat.com/show_bug.cgi?id=967977

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 922ebe4ead4a30a6a94731d31b980d0eae113894)

diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c
index fbd0d56c9517ffd16b60ff4a6fe959b7afcc66a7..3f4787b7899c412c154a43f3da5869c4be0ea21e 100644 (file)
--- a/src/lxc/lxc_fuse.c
+++ b/src/lxc/lxc_fuse.c
@@ -306,6 +306,7 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def)
     /* process name is libvirt_lxc */
     if (fuse_opt_add_arg(&args, "libvirt_lxc") == -1 ||
         fuse_opt_add_arg(&args, "-odirect_io") == -1 ||
+        fuse_opt_add_arg(&args, "-oallow_other") == -1 ||
         fuse_opt_add_arg(&args, "-ofsname=libvirt") == -1)
         goto cleanup1;