From: dlezcano Date: Tue, 25 Nov 2008 17:01:56 +0000 (+0000) Subject: Add read permission checking for the container X-Git-Tag: lxc_0_5_0~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=526e288e423a49777b8dc222476cd8b36c734f0a;p=thirdparty%2Flxc.git Add read permission checking for the container From: Daniel Lezcano When a user tries to look at the pids or network information belonging to a container not owned by the user, the command silently fails. I changed that to check the read permission, display an error and exit. Signed-off-by: Daniel Lezcano --- diff --git a/src/lxc/lxc-netstat.in b/src/lxc/lxc-netstat.in index 63728de14..6603d4a20 100644 --- a/src/lxc/lxc-netstat.in +++ b/src/lxc/lxc-netstat.in @@ -30,10 +30,15 @@ if [ ! -d $lxcpath/$name ]; then exit 1 fi +if [ ! -r $lxcpath/$name ]; then + echo "Can not access '$name': permission denied" + exit 1 +fi + if [ ! -f $lxcpath/$name/init ]; then exit 0 fi -initpid=$(cat $lxcpath/$name/init) - -mount --bind /proc/$initpid/net /proc/$$/net && exec netstat $* \ No newline at end of file +initpid=$(cat $lxcpath/$name/init) && \ + mount --bind /proc/$initpid/net /proc/$$/net && \ + exec netstat $* diff --git a/src/lxc/lxc-ps.in b/src/lxc/lxc-ps.in index a3439e998..165726ae5 100755 --- a/src/lxc/lxc-ps.in +++ b/src/lxc/lxc-ps.in @@ -30,6 +30,11 @@ if [ ! -d $lxcpath/$name ]; then exit 1 fi +if [ ! -r $lxcpath/$name ]; then + echo "Can not access '$name', permission denied" + exit 1 +fi + if [ -h $lxcpath/$name/nsgroup ]; then ps $* -p $(cat $lxcpath/$name/nsgroup/tasks) fi
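Review bot: the new `[ ! -r $lxcpath/$name ]` test in lxc-netstat.in checks read permission on the container directory, but the `cat $lxcpath/$name/init` that follows needs search (execute) permission on that directory and read permission on `init` itself. A directory that is readable but not searchable passes the new check, and then `[ ! -f $lxcpath/$name/init ]` exits 0 silently, which is the behaviour the commit message sets out to remove. Consider also testing `-x` on the directory, or testing `-r` on the `init` file before reading it. The expansions in the added lines are unquoted, so a `$name` containing whitespace or glob characters changes what `[` evaluates; quote `"$lxcpath/$name"`, and use `"$@"` rather than `$*` on the rewritten `exec netstat` line so arguments are passed through intact.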
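Review bot: the `echo "Can not access '$name', permission denied"` added to lxc-ps.in writes the error to standard output, where it mixes with the `ps` output a caller may be parsing; redirect it with `>&2`, and do the same for the matching message in lxc-netstat.in. The two messages also differ in punctuation (`'$name':` there, `'$name',` here), so pick one wording for both scripts. As in the netstat script, `$lxcpath/$name` in the new test should be quoted.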