From: Stéphane Graber Date: Wed, 2 Oct 2013 22:25:37 +0000 (-0400) Subject: Improve behaviour for unprivileged users X-Git-Tag: lxc-1.0.0.alpha2~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5abd74d1a6f5f6c04d982b31a6b1edbaf0f2582;p=thirdparty%2Flxc.git Improve behaviour for unprivileged users This mostly changes two things: - Only log to the container's logfile on start/stop/restart/execute - Call may_control() every time we use the API and return "Insufficient privileges" on failure. NOTE: I didn't test every single one of those but I'm fairly confident in my copy/paste abilities and I confirmed they all build fine at least. Signed-off-by: Stéphane Graber Signed-off-by: Serge Hallyn --- diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c index 4ca00a97f..bd4e674d2 100644 --- a/src/lxc/lxc_attach.c +++ b/src/lxc/lxc_attach.c @@ -188,6 +188,9 @@ int main(int argc, char *argv[]) if (ret) return ret; + if (!my_args.log_file) + my_args.log_file = "none"; + ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0]); if (ret) diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c index 2c0508c7e..b9727a0f4 100644 --- a/src/lxc/lxc_cgroup.c +++ b/src/lxc/lxc_cgroup.c @@ -70,6 +70,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) return -1; + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) return -1; @@ -79,6 +82,12 @@ int main(int argc, char *argv[]) c = lxc_container_new(my_args.name, my_args.lxcpath[0]); if (!c) return -1; + + if (!c->may_control(c)) { + ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name); + return -1; + } + if (!c->is_running(c)) { ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name); lxc_container_put(c); 
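Review bot: In src/lxc/lxc_attach.c the literal `"none"` assigned to `my_args.log_file` is an undocumented sentinel, and the same two lines are pasted into twelve more tools in this commit (lxc_cgroup, lxc_checkpoint, lxc_console, lxc_create, lxc_destroy, lxc_freeze, lxc_info, lxc_kill, lxc_monitor, lxc_snapshot, lxc_unfreeze, lxc_wait). How `lxc_log_init` treats that string is not visible in this diff, so a reader cannot tell from the call site that it disables the per-container log file. I would add a comment such as `/* "none" = no log file unless the caller names one; only start/stop/restart/execute log by default */`, and preferably move the default into one shared helper or named constant so the tools cannot drift apart. `main` starts and ends outside the hunk.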
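Review bot: In src/lxc/lxc_cgroup.c the new `may_control` failure path returns without `lxc_container_put(c)`, while the `is_running` failure directly below it releases the container before leaving; add `lxc_container_put(c);` before `return -1;`. The same omission is in the `return -1` variants added to lxc_clone.c (`c1`), lxc_console.c, lxc_destroy.c, lxc_freeze.c, lxc_info.c, lxc_snapshot.c, lxc_unfreeze.c and lxc_wait.c. The message is also spelled "Insufficent" in every added string, where the commit description has "Insufficient"; anything that matches on the text would have to key on the misspelling. `main` starts and ends outside the hunk.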
diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c index ecf19b139..f6a031390 100644 --- a/src/lxc/lxc_checkpoint.c +++ b/src/lxc/lxc_checkpoint.c @@ -115,6 +115,9 @@ int main(int argc, char *argv[]) if (ret) return ret; + if (!my_args.log_file) + my_args.log_file = "none"; + ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0]); if (ret) diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c index e0be9da3f..e01c98b27 100644 --- a/src/lxc/lxc_clone.c +++ b/src/lxc/lxc_clone.c @@ -160,6 +160,12 @@ int main(int argc, char *argv[]) c1 = lxc_container_new(orig, lxcpath); if (!c1) exit(1); + + if (!c1->may_control(c1)) { + fprintf(stderr, "Insufficent privileges to control %s\n", orig); + return -1; + } + if (!c1->is_defined(c1)) { fprintf(stderr, "Error: container %s is not defined\n", orig); lxc_container_put(c1); diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c index ea1e9993f..f5d16fa6b 100644 --- a/src/lxc/lxc_console.c +++ b/src/lxc/lxc_console.c @@ -97,6 +97,9 @@ int main(int argc, char *argv[]) if (ret) return EXIT_FAILURE; + if (!my_args.log_file) + my_args.log_file = "none"; + ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0]); if (ret) @@ -108,6 +111,11 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); } + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name); + return -1; + } + if (!c->is_running(c)) { fprintf(stderr, "%s is not running\n", my_args.name); exit(EXIT_FAILURE); diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c index f577e3005..98cca325b 100644 --- a/src/lxc/lxc_create.c +++ b/src/lxc/lxc_create.c 
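Review bot: In src/lxc/lxc_clone.c the denial path leaves `main` with `return -1`, which a shell sees as exit status 255, while the `lxc_container_new` failure one line above uses `exit(1)`. A caller scripting around these tools then gets a different status for "not permitted" than for the neighbouring failures, without that being documented anywhere. Either follow the file's existing convention (`exit(1)` here, `exit(EXIT_FAILURE)` in lxc_console.c) or pick one dedicated status for permission failures and use it in every tool. The same mix appears in the lxc_destroy.c, lxc_freeze.c, lxc_snapshot.c and lxc_unfreeze.c hunks.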
@@ -174,6 +174,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) exit(1); diff --git a/src/lxc/lxc_destroy.c b/src/lxc/lxc_destroy.c index a1f73ca83..d50fcf121 100644 --- a/src/lxc/lxc_destroy.c +++ b/src/lxc/lxc_destroy.c @@ -74,6 +74,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) exit(1); @@ -84,6 +87,11 @@ int main(int argc, char *argv[]) exit(1); } + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name); + return -1; + } + if (!c->is_defined(c)) { fprintf(stderr, "Container is not defined\n"); lxc_container_put(c); diff --git a/src/lxc/lxc_freeze.c b/src/lxc/lxc_freeze.c index 39483a637..92d7aa272 100644 --- a/src/lxc/lxc_freeze.c +++ b/src/lxc/lxc_freeze.c @@ -59,6 +59,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) exit(1); @@ -69,6 +72,11 @@ int main(int argc, char *argv[]) exit(1); } + if (!c->may_control(c)) { + ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name); + return -1; + } + if (!c->freeze(c)) { ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name); lxc_container_put(c); diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c index a4fa3e1f9..ac562878a 100644 --- a/src/lxc/lxc_info.c +++ b/src/lxc/lxc_info.c 
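Review bot: In src/lxc/lxc_destroy.c the `"none"` default means a destroy, which is a state-changing operation, leaves no entry in the container's log file unless the caller names one; the commit description lists only start/stop/restart/execute as still logging. For incident review it is useful to have destructive and state-changing commands (destroy here, also freeze, unfreeze and snapshot) recorded by default, including the denied attempts added in the next hunk. If the default stays, a comment would make the choice explicit: `/* destroy is not written to the container log by default; pass a log file to keep a record */`. How `lxc_log_init` handles the value is outside this diff.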
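Review bot: The `c->may_control(c)` test added in src/lxc/lxc_destroy.c runs inside the caller's own process, so it can give a clearer error but cannot be what actually prevents an unprivileged destroy, and nothing at the call site says that. I would document it, e.g. `/* pre-flight check for a readable error; not the access-control boundary */`, so later changes do not treat a passing check as authorization. The implementation of `may_control` is not in this diff, so what it probes, and whether the answer can change before `c->is_defined(c)` and the destroy call run, should be confirmed there.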
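Review bot: In src/lxc/lxc_freeze.c the denial is reported through `ERROR(...)`, in the same file where the first hunk now defaults the log file to `"none"`, whereas lxc_clone.c, lxc_console.c, lxc_destroy.c, lxc_info.c, lxc_snapshot.c, lxc_stop.c and lxc_wait.c print it with `fprintf(stderr, ...)`. Whether an `ERROR` record still reaches the terminal when no log file is set (and when `my_args.quiet` is set) depends on `lxc_log_init`, which this diff does not show; if it does not, the user gets a bare failure with no reason. Printing the denial the same way everywhere, for instance `fprintf(stderr, "Insufficient privileges to control %s:%s\n", my_args.lxcpath[0], my_args.name);`, removes that dependency. lxc_cgroup.c and lxc_unfreeze.c use `ERROR` for this message as well.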
@@ -96,6 +96,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) return -1; + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) return -1; @@ -104,6 +107,11 @@ int main(int argc, char *argv[]) if (!c) return -1; + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", c->name); + return -1; + } + if (!state && !pid && !ips && keys <= 0) state = pid = ips = true; diff --git a/src/lxc/lxc_kill.c b/src/lxc/lxc_kill.c index 3ed6e4e81..8322b424f 100644 --- a/src/lxc/lxc_kill.c +++ b/src/lxc/lxc_kill.c @@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[]) if (ret) return ret; + if (!my_args.log_file) + my_args.log_file = "none"; + ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0]); if (ret) diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c index 00ab58b51..0c277231f 100644 --- a/src/lxc/lxc_monitor.c +++ b/src/lxc/lxc_monitor.c @@ -67,6 +67,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) return -1; + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) return -1; diff --git a/src/lxc/lxc_snapshot.c b/src/lxc/lxc_snapshot.c index c21563f60..573804b39 100644 --- a/src/lxc/lxc_snapshot.c +++ b/src/lxc/lxc_snapshot.c @@ -160,6 +160,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); + if (!my_args.log_file) + my_args.log_file = "none"; + if (my_args.argc > 1) { ERROR("Too many arguments"); return -1; 
@@ -184,6 +187,11 @@ int main(int argc, char *argv[]) exit(1); } + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name); + return -1; + } + switch(action) { case DO_SNAP: ret = do_snapshot(c); diff --git a/src/lxc/lxc_stop.c b/src/lxc/lxc_stop.c index 77de7e5d1..7203d7508 100644 --- a/src/lxc/lxc_stop.c +++ b/src/lxc/lxc_stop.c @@ -145,6 +145,11 @@ int main(int argc, char *argv[]) goto out; } + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", c->name); + goto out; + } + if (!c->is_running(c)) { fprintf(stderr, "%s is not running\n", c->name); ret = 2; diff --git a/src/lxc/lxc_unfreeze.c b/src/lxc/lxc_unfreeze.c index 0130224a2..4c499ec19 100644 --- a/src/lxc/lxc_unfreeze.c +++ b/src/lxc/lxc_unfreeze.c @@ -58,6 +58,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) exit(1); + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) exit(1); @@ -68,6 +71,11 @@ int main(int argc, char *argv[]) exit(1); } + if (!c->may_control(c)) { + ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name); + return -1; + } + if (!c->unfreeze(c)) { ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name); lxc_container_put(c); diff --git a/src/lxc/lxc_wait.c b/src/lxc/lxc_wait.c index 4669cee69..0a3487f17 100644 --- a/src/lxc/lxc_wait.c +++ b/src/lxc/lxc_wait.c @@ -85,6 +85,9 @@ int main(int argc, char *argv[]) if (lxc_arguments_parse(&my_args, argc, argv)) return -1; + if (!my_args.log_file) + my_args.log_file = "none"; + if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority, my_args.progname, my_args.quiet, my_args.lxcpath[0])) return -1; 
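Review bot: In src/lxc/lxc_stop.c the new branch does `goto out` without assigning `ret`, unlike the `is_running` branch below it, which sets `ret = 2` first. The initial value of `ret` and the `out:` label are outside the hunk, so confirm that `ret` is non-zero at this point; otherwise a denied stop would exit as success. Setting it explicitly, e.g. `ret = 1;` before the `goto`, makes the denial status independent of code elsewhere in `main`.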
@@ -93,6 +96,11 @@ int main(int argc, char *argv[]) if (!c) return -1; + if (!c->may_control(c)) { + fprintf(stderr, "Insufficent privileges to control %s\n", c->name); + return -1; + } + if (!c->wait(c, my_args.states, my_args.timeout)) { lxc_container_put(c); return -1;