check for access to lxcpath

The previous check for access to rootfs->path failed in the case of
overlayfs or loop backign stores.  Instead just check early on for
access to lxcpath.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 522c5901cb585da5b5bc452d0b75f74ae3f96bf8..ecf2171fc6e9bf5011bc98733ce1524757067b3f 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,31 +753,6 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
        return 0;
 }
 
-static void print_top_failing_dir(const char *path)
-{
-       size_t len = strlen(path);
-       char *copy = alloca(len+1), *p, *e, saved;
-       strcpy(copy, path);
-
-       p = copy;
-       e = copy + len;
-       while (p < e) {
-               while (p < e && *p == '/') p++;
-               while (p < e && *p != '/') p++;
-               if (p >= e)
-                       return;
-               saved = *p;
-               *p = '\0';
-               if (access(copy, X_OK)) {
-                       SYSERROR("could not access %s.  Please grant it 'x' " \
-                             "access, or add an ACL for the container root.",
-                             copy);
-                       return;
-               }
-               *p = saved;
-       }
-}
-
 static int mount_rootfs(const char *rootfs, const char *target, const char *options)
 {
        char absrootfs[MAXPATHLEN];
@@ -1571,11 +1546,6 @@ static int setup_rootfs(struct lxc_conf *conf)
                return -1;
        }
 
-       if (access(rootfs->path, R_OK)) {
-               print_top_failing_dir(rootfs->path);
-               return -1;
-       }
-
        if (detect_shared_rootfs()) {
                if (chroot_into_slave(conf)) {
                        ERROR("Failed to chroot into slave /");

diff --git a/src/lxc/start.c b/src/lxc/start.c
index ff2753aba42d75ecb019b9de1a4d66ae4de103e8..69e34861acb84b617849ff4aa42ff4dfe6dcdb58 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -83,6 +83,31 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
        [LXC_NS_NET] = {"net", CLONE_NEWNET}
 };
 
+static void print_top_failing_dir(const char *path)
+{
+       size_t len = strlen(path);
+       char *copy = alloca(len+1), *p, *e, saved;
+       strcpy(copy, path);
+
+       p = copy;
+       e = copy + len;
+       while (p < e) {
+               while (p < e && *p == '/') p++;
+               while (p < e && *p != '/') p++;
+               if (p >= e)
+                       return;
+               saved = *p;
+               *p = '\0';
+               if (access(copy, X_OK)) {
+                       SYSERROR("could not access %s.  Please grant it 'x' " \
+                             "access, or add an ACL for the container root.",
+                             copy);
+                       return;
+               }
+               *p = saved;
+       }
+}
+
 static void close_ns(int ns_fd[LXC_NS_MAX]) {
        int i;
 
@@ -592,6 +617,11 @@ static int do_start(void *data)
                }
        }
 
+       if (access(handler->lxcpath, R_OK)) {
+               print_top_failing_dir(handler->lxcpath);
+               goto out_warn_father;
+       }
+
        #if HAVE_SYS_CAPABILITY_H
        if (handler->conf->need_utmp_watch) {
                if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {