Ensure non-root can read /proc/meminfo file in LXC containers

By default files in a FUSE mount can only be accessed by the
user which created them, even if the file permissions would
otherwise allow it. To allow other users to access the FUSE
mount the 'allow_other' mount option must be used. This bug
prevented non-root users in an LXC container from reading
the /proc/meminfo file.

https://bugzilla.redhat.com/show_bug.cgi?id=967977

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c
index b6df99cb913153aeb7033a5b364572e912ad5eec..32886cd253e3c1f245f4985900f87c85b55494bf 100644 (file)
--- a/src/lxc/lxc_fuse.c
+++ b/src/lxc/lxc_fuse.c
@@ -307,6 +307,7 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def)
     /* process name is libvirt_lxc */
     if (fuse_opt_add_arg(&args, "libvirt_lxc") == -1 ||
         fuse_opt_add_arg(&args, "-odirect_io") == -1 ||
+        fuse_opt_add_arg(&args, "-oallow_other") == -1 ||
         fuse_opt_add_arg(&args, "-ofsname=libvirt") == -1)
         goto cleanup1;