provide a script to set uid bit on cli

Some file systems do not support the file posix capabilities.
The following script set the setuid bit root on the different
cli.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

diff --git a/configure.ac b/configure.ac
index 692ba1836ab7dcccbdcf0ba6c552c7c9e67c4ae9..3c8c105e4c4e8cbdba5e4453d8f5ef9cf22c5061 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -148,6 +148,7 @@ AC_CONFIG_FILES([
        src/lxc/lxc-netstat
        src/lxc/lxc-checkconfig
        src/lxc/lxc-setcap
+       src/lxc/lxc-setuid
        src/lxc/lxc-version
        src/lxc/lxc-create
        src/lxc/lxc-destroy

diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 133f1025e3b58cd749ab6a4b16d02dd683325090..b851e2c98e508c41341fe9720d17fa89cdefb2b1 100644 (file)
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -67,6 +67,7 @@ bin_SCRIPTS = \
        lxc-ls \
        lxc-checkconfig \
        lxc-setcap \
+       lxc-setuid \
        lxc-version \
        lxc-create \
        lxc-destroy

diff --git a/src/lxc/lxc-setuid.in b/src/lxc/lxc-setuid.in
new file mode 100644 (file)
index 0000000..d65ef1e
--- /dev/null
+++ b/src/lxc/lxc-setuid.in
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Daniel Lezcano <daniel.lezcano@free.fr>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+#
+# This script allows to set or remove the setuid execution bit on the lxc tools.
+# When the capabilities are set, a non root user can manage the containers.
+#
+
+usage()
+{
+    echo "lxc-setuid [-d] : set or remove setuid on the lxc tools"
+}
+
+setuid()
+{
+    if [ "$1" = "-r" ]; then
+       chmod -s $2
+    else
+       chmod +s $1
+    fi
+}
+
+lxc_setuid()
+{
+    setuid @BINDIR@/lxc-execute
+    setuid @BINDIR@/lxc-restart
+    setuid @BINDIR@/lxc-unshare
+    setuid @BINDIR@/lxc-netstat
+    setuid @BINDIR@/lxc-checkpoint
+    setuid @LXCINITDIR@/lxc-init
+
+    test -e @LXCPATH@ || mkdir -p @LXCPATH@
+    chmod 0777 @LXCPATH@
+}
+
+lxc_dropuid()
+{
+    setuid -r @BINDIR@/lxc-execute
+    setuid -r @BINDIR@/lxc-restart
+    setuid -r @BINDIR@/lxc-unshare
+    setuid -r @BINDIR@/lxc-netstat
+    setuid -r @BINDIR@/lxc-checkpoint
+    setuid -r @LXCINITDIR@/lxc-init
+    chmod 0755 @LXCPATH@
+}
+
+if [ "$(id -u)" != "0" ]; then
+    echo "You have to be root to run this script"
+    exit 1
+fi
+
+
+if [ $? != 0 ]; then
+    usage
+    exit 1
+fi
+
+set -- $(getopt dh $*)
+
+for i in $*; do
+    case "$1" in
+       -d)
+           LXC_DROP_CAPS="yes"
+           shift
+           ;;
+       -h)
+           usage
+           exit 0
+           ;;
+       --)
+           shift
+           break
+           ;;
+       *)
+           usage
+           exit 1
+           ;;
+    esac
+done;
+
+if [ -z "$LXC_DROP_CAPS" ]; then
+    lxc_setuid
+else
+    lxc_dropuid
+fi
\ No newline at end of file