From: Tycho Andersen <tycho@tycho.ws>
Date: Fri, 26 Jan 2018 17:43:12 +0000 (+0000)
Subject: better check for lock dir
X-Git-Tag: lxc-2.0.10~369
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=853752d4731bb3b9c98dd53dc0c3981508ac94d4;p=thirdparty%2Flxc.git

better check for lock dir

Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
---

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index ec451bcd6..b59caad01 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -245,8 +245,13 @@ char *get_rundir()
 {
 	char *rundir;
 	const char *homedir;
+	struct stat sb;
+
+	if (stat(RUNTIME_PATH, &sb) < 0) {
+		return NULL;
+	}
 
-	if (geteuid() == 0) {
+	if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
 		rundir = strdup(RUNTIME_PATH);
 		return rundir;
 	}