From: Serge Hallyn Date: Wed, 12 Feb 2014 04:20:03 +0000 (-0600) Subject: check for access to lxcpath X-Git-Tag: lxc-1.0.0.rc1~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8154066e8768ec4caea76625719b759f93b5b52;p=thirdparty%2Flxc.git check for access to lxcpath The previous check for access to rootfs->path failed in the case of overlayfs or loop backign stores. Instead just check early on for access to lxcpath. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 522c5901c..ecf2171fc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -753,31 +753,6 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
 return 0;
 }
 
-static void print_top_failing_dir(const char *path)
-{
- size_t len = strlen(path);
- char *copy = alloca(len+1), *p, *e, saved;
- strcpy(copy, path);
-
- p = copy;
- e = copy + len;
- while (p < e) {
- while (p < e && *p == '/') p++;
- while (p < e && *p != '/') p++;
- if (p >= e)
- return;
- saved = *p;
- *p = '\0';
- if (access(copy, X_OK)) {
- SYSERROR("could not access %s. Please grant it 'x' " \
- "access, or add an ACL for the container root.",
- copy);
- return;
- }
- *p = saved;
- }
-}
-
 static int mount_rootfs(const char *rootfs, const char *target, const char *options)
 {
 char absrootfs[MAXPATHLEN];
@@ -1571,11 +1546,6 @@ static int setup_rootfs(struct lxc_conf *conf)
 return -1;
 }
 
- if (access(rootfs->path, R_OK)) {
- print_top_failing_dir(rootfs->path);
- return -1;
- }
-
 if (detect_shared_rootfs()) {
 if (chroot_into_slave(conf)) {
 ERROR("Failed to chroot into slave /");
diff --git a/src/lxc/start.c b/src/lxc/start.c
index ff2753aba..69e34861a 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -83,6 +83,31 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
 [LXC_NS_NET] = {"net", CLONE_NEWNET}
 };
 
+static void print_top_failing_dir(const char *path)
+{
+ size_t len = strlen(path);
+ char *copy = alloca(len+1), *p, *e, saved;
+ strcpy(copy, path);
+
+ p = copy;
+ e = copy + len;
+ while (p < e) {
+ while (p < e && *p == '/') p++;
+ while (p < e && *p != '/') p++;
+ if (p >= e)
+ return;
+ saved = *p;
+ *p = '\0';
+ if (access(copy, X_OK)) {
+ SYSERROR("could not access %s. Please grant it 'x' " \
+ "access, or add an ACL for the container root.",
+ copy);
+ return;
+ }
+ *p = saved;
+ }
+}
+
 static void close_ns(int ns_fd[LXC_NS_MAX])
 {
 int i;
@@ -592,6 +617,11 @@ static int do_start(void *data)
 }
 }
 
+ if (access(handler->lxcpath, R_OK)) {
+ print_top_failing_dir(handler->lxcpath);
+ goto out_warn_father;
+ }
+
 #if HAVE_SYS_CAPABILITY_H
 if (handler->conf->need_utmp_watch) {
 if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
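Review bot: In print_top_failing_dir (first start.c hunk), `alloca(len+1)` followed by `strcpy(copy, path)` sizes a stack allocation from the length of the caller's string, and nothing visible in the hunk bounds that length now that the argument is handler->lxcpath. If lxcpath can be influenced by the invoking user (its origin is not shown here), an over-long value would overrun the stack instead of producing a diagnostic. An early `if (len >= MAXPATHLEN) return;` before the alloca would cap it, assuming MAXPATHLEN is available in start.c as it is in conf.c; alternatively use a heap copy via `char *copy = strdup(path);` with a NULL check and a free() on both return paths.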
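Review bot: The new guard in do_start (second start.c hunk) tests `access(handler->lxcpath, R_OK)`, while print_top_failing_dir probes only X_OK on the parent directories and returns at `if (p >= e) return;` before testing the final component. So when lxcpath itself is the directory lacking permission, nothing is logged and `goto out_warn_father` fails silently. Traversing to the container needs search permission rather than read, so `if (access(handler->lxcpath, X_OK)) {` would match the 'x' wording of the message, and an `ERROR("could not access %s", handler->lxcpath);` before the goto would cover the case the helper skips. A comment should also note that access() evaluates the real uid/gid and is only a diagnostic here; later opens and mounts must still handle failure on their own. do_start's body begins and ends outside the hunk, so which credentials are in effect at this point should be confirmed there.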