lxc-create: support unpriv users

Just make sure we are root if we are asked to deal with something other
than a directory, and make sure we have permission to create the
container in the given lxcpath.

The templates will need much more work.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
index bd08ea26f33bcae4e910a1f2a38e68636cfd0bb1..ab5886bd9c4a7275c785d0f3258c07c41abaed68 100644 (file)
--- a/src/lxc/lxc_create.c
+++ b/src/lxc/lxc_create.c
@@ -171,13 +171,6 @@ int main(int argc, char *argv[])
        struct bdev_specs spec;
        int flags = 0;
 
-       /* this is a short term test.  We'll probably want to check for
-        * write access to lxcpath instead */
-       if (geteuid()) {
-               fprintf(stderr, "%s must be run as root\n", argv[0]);
-               exit(1);
-       }
-
        if (lxc_arguments_parse(&my_args, argc, argv))
                exit(1);
 
@@ -191,6 +184,18 @@ int main(int argc, char *argv[])
        if (!validate_bdev_args(&my_args))
                exit(1);
 
+       if (geteuid()) {
+               if (access(my_args.lxcpath[0], O_RDWR) < 0) {
+                       fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
+                       exit(1);
+               }
+               if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype, "_unset")) {
+                       fprintf(stderr, "Unprivileged users can only create directory backed containers\n");
+                       exit(1);
+               }
+       }
+
+
        c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
        if (!c) {
                fprintf(stderr, "System error loading container\n");