From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 4 Jun 2013 16:37:03 +0000 (+0100)
Subject: Ensure non-root can read /proc/meminfo file in LXC containers
X-Git-Tag: v1.1.0-rc1~137
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=922ebe4ead4a30a6a94731d31b980d0eae113894;p=thirdparty%2Flibvirt.git

Ensure non-root can read /proc/meminfo file in LXC containers

By default files in a FUSE mount can only be accessed by the
user which created them, even if the file permissions would
otherwise allow it. To allow other users to access the FUSE
mount the 'allow_other' mount option must be used. This bug
prevented non-root users in an LXC container from reading
the /proc/meminfo file.

https://bugzilla.redhat.com/show_bug.cgi?id=967977

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/lxc/lxc_fuse.c b/src/lxc/lxc_fuse.c
index b6df99cb91..32886cd253 100644
--- a/src/lxc/lxc_fuse.c
+++ b/src/lxc/lxc_fuse.c
@@ -307,6 +307,7 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def)
     /* process name is libvirt_lxc */
     if (fuse_opt_add_arg(&args, "libvirt_lxc") == -1 ||
         fuse_opt_add_arg(&args, "-odirect_io") == -1 ||
+        fuse_opt_add_arg(&args, "-oallow_other") == -1 ||
         fuse_opt_add_arg(&args, "-ofsname=libvirt") == -1)
         goto cleanup1;