warn about insufficient permissions

With this patch, if an unprivileged user has $HOME 700 or
750 and does

lxc-start -n c1

he'll see an error like:

lxc_container: Permission denied - could not access /home/serge.  Please grant it 'x' access, or add an ACL for t he container root.

(This addresses bug pad.lv/1277466)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 7ac1f0681a1b815164fa356e756caf9159aaceba..4e25432c491487c4f716e09dbc8bc18338a04709 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,6 +753,31 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
        return 0;
 }
 
+static void print_top_failing_dir(const char *path)
+{
+       size_t len = strlen(path);
+       char *copy = alloca(len+1), *p, *e, saved;
+       strcpy(copy, path);
+
+       p = copy;
+       e = copy + len;
+       while (p < e) {
+               while (p < e && *p == '/') p++;
+               while (p < e && *p != '/') p++;
+               if (p >= e)
+                       return;
+               saved = *p;
+               *p = '\0';
+               if (access(copy, X_OK)) {
+                       SYSERROR("could not access %s.  Please grant it 'x' " \
+                             "access, or add an ACL for the container root.",
+                             copy);
+                       return;
+               }
+               *p = saved;
+       }
+}
+
 static int mount_rootfs(const char *rootfs, const char *target, const char *options)
 {
        char absrootfs[MAXPATHLEN];
@@ -1546,6 +1571,11 @@ static int setup_rootfs(struct lxc_conf *conf)
                return -1;
        }
 
+       if (access(rootfs->path, R_OK)) {
+               print_top_failing_dir(rootfs->path);
+               return -1;
+       }
+
        if (detect_shared_rootfs()) {
                if (chroot_into_slave(conf)) {
                        ERROR("Failed to chroot into slave /");