From: Serge Hallyn
Date: Thu, 9 May 2013 01:25:06 +0000 (-0500)
Subject: lxc-create: support unpriv users
X-Git-Tag: lxc-1.0.0.alpha1~1^2~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=460bcbd85c97b5a0eac9cf7cead1abde1281cd5a;p=thirdparty%2Flxc.git

lxc-create: support unpriv users

Just make sure we are root if we are asked to deal with something other than a directory, and make sure we have permission to create the container in the given lxcpath. The templates will need much more work.

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---

diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
index bd08ea26f..ab5886bd9 100644
--- a/src/lxc/lxc_create.c
+++ b/src/lxc/lxc_create.c
@@ -171,13 +171,6 @@ int main(int argc, char *argv[])
 struct bdev_specs spec;
 int flags = 0;

- /* this is a short term test. We'll probably want to check for
- * write access to lxcpath instead */
- if (geteuid()) {
- fprintf(stderr, "%s must be run as root\n", argv[0]);
- exit(1);
- }
-
 if (lxc_arguments_parse(&my_args, argc, argv))
 exit(1);

@@ -191,6 +184,18 @@ int main(int argc, char *argv[])
 if (!validate_bdev_args(&my_args))
 exit(1);

+ if (geteuid()) {
+ if (access(my_args.lxcpath[0], O_RDWR) < 0) {
+ fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
+ exit(1);
+ }
+ if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype, "_unset")) {
+ fprintf(stderr, "Unprivileged users can only create directory backed containers\n");
+ exit(1);
+ }
+ }
+
+
 c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
 if (!c) {
 fprintf(stderr, "System error loading container\n");
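Review bot: In the added `geteuid()` branch of the second hunk, `access()` is called with `O_RDWR`, which is an open(2) flag rather than an access(2) mode; on Linux its value happens to equal `W_OK`, so only write permission is tested and the directory search bit is not. Writing `if (access(my_args.lxcpath[0], W_OK | X_OK) < 0) {` would state the intent explicitly. access() also evaluates the real UID while the guard tests the effective UID, and its answer can be stale by the time the container is created, so the check is best treated as an early diagnostic, with the creation calls later in `main` (outside this hunk) remaining the actual enforcement point. A comment above the check would record that: `/* advisory only: container creation below must still fail cleanly without permission */`.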