Quoting Stéphane Graber (stgra...@ubuntu.com):
> This mostly changes two things:
>  - Only log to the container's logfile on start/stop/restart/execute
>  - Call may_control() every time we use the API and return
>    "Insufficient privileges" on failure.
> 
> NOTE: I didn't test every single one of those but I'm fairly confident
>       in my copy/paste abilities and I confirmed they all build fine at least.
> 
> Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>

Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

(was going to ask about may_control in lxc-monitor and lxc-attach, but I
see they haven't been converted to use the API yet.)

> ---
>  src/lxc/lxc_attach.c     | 3 +++
>  src/lxc/lxc_cgroup.c     | 9 +++++++++
>  src/lxc/lxc_checkpoint.c | 3 +++
>  src/lxc/lxc_clone.c      | 6 ++++++
>  src/lxc/lxc_console.c    | 8 ++++++++
>  src/lxc/lxc_create.c     | 3 +++
>  src/lxc/lxc_destroy.c    | 8 ++++++++
>  src/lxc/lxc_freeze.c     | 8 ++++++++
>  src/lxc/lxc_info.c       | 8 ++++++++
>  src/lxc/lxc_kill.c       | 3 +++
>  src/lxc/lxc_monitor.c    | 3 +++
>  src/lxc/lxc_snapshot.c   | 8 ++++++++
>  src/lxc/lxc_stop.c       | 5 +++++
>  src/lxc/lxc_unfreeze.c   | 8 ++++++++
>  src/lxc/lxc_wait.c       | 8 ++++++++
>  15 files changed, 91 insertions(+)
> 
> diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
> index 4ca00a9..bd4e674 100644
> --- a/src/lxc/lxc_attach.c
> +++ b/src/lxc/lxc_attach.c
> @@ -188,6 +188,9 @@ int main(int argc, char *argv[])
>       if (ret)
>               return ret;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                          my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>       if (ret)
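Review bot: The `"none"` default added before lxc_log_init() is an unexplained magic string, and the same three lines are pasted into thirteen tools in this patch. A one-line comment such as `/* no log file requested: do not write to the container's logfile */` would record the intent given in the commit message. What lxc_log_init() does with "none" is not visible here, so the wording should be checked against it. A small shared helper would also keep the copies from drifting apart. main's body starts and ends outside the hunk.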
> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> index 2c0508c..b9727a0 100644
> --- a/src/lxc/lxc_cgroup.c
> +++ b/src/lxc/lxc_cgroup.c
> @@ -70,6 +70,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               return -1;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               return -1;
> @@ -79,6 +82,12 @@ int main(int argc, char *argv[])
>       c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
>       if (!c)
>               return -1;
> +
> +     if (!c->may_control(c)) {
> +             ERROR("Insufficent privileges to control %s:%s", 
> my_args.lxcpath[0], my_args.name);
> +             return -1;
> +     }
> +
>       if (!c->is_running(c)) {
>               ERROR("'%s:%s' is not running", my_args.lxcpath[0], 
> my_args.name);
>               lxc_container_put(c);
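Review bot: The new may_control() branch returns without releasing `c`, while the is_running branch directly below it calls lxc_container_put(c) first; adding `lxc_container_put(c);` before `return -1;` keeps the error paths uniform. The same omission is visible in the may_control branches added to lxc_clone.c, lxc_destroy.c, lxc_freeze.c, lxc_unfreeze.c and lxc_wait.c. The message is also spelled "Insufficent" in every hunk that adds it, where the commit description has "Insufficient privileges"; anyone grepping logs for the denial will miss it. main's body continues outside the hunk.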
> diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
> index ecf19b1..f6a0313 100644
> --- a/src/lxc/lxc_checkpoint.c
> +++ b/src/lxc/lxc_checkpoint.c
> @@ -115,6 +115,9 @@ int main(int argc, char *argv[])
>       if (ret)
>               return ret;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                          my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>       if (ret)
> diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
> index e0be9da..e01c98b 100644
> --- a/src/lxc/lxc_clone.c
> +++ b/src/lxc/lxc_clone.c
> @@ -160,6 +160,12 @@ int main(int argc, char *argv[])
>       c1 = lxc_container_new(orig, lxcpath);
>       if (!c1)
>               exit(1);
> +
> +     if (!c1->may_control(c1)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", orig);
> +             return -1;
> +     }
> +
>       if (!c1->is_defined(c1)) {
>               fprintf(stderr, "Error: container %s is not defined\n", orig);
>               lxc_container_put(c1);
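Review bot: `return -1` from main yields exit status 255, whereas the lxc_container_new failure just above it uses `exit(1)`, so a script checking the exit code sees two different failure values from adjacent checks. Ending the branch with `exit(1);` would match the surrounding code. The same mix of `return -1` next to `exit(1)` / `exit(EXIT_FAILURE)` appears in the may_control hunks of lxc_console.c, lxc_destroy.c, lxc_freeze.c, lxc_snapshot.c and lxc_unfreeze.c. main's body continues outside the hunk.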
> diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c
> index ea1e999..f5d16fa 100644
> --- a/src/lxc/lxc_console.c
> +++ b/src/lxc/lxc_console.c
> @@ -97,6 +97,9 @@ int main(int argc, char *argv[])
>       if (ret)
>               return EXIT_FAILURE;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                          my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>       if (ret)
> @@ -108,6 +111,11 @@ int main(int argc, char *argv[])
>               exit(EXIT_FAILURE);
>       }
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> my_args.name);
> +             return -1;
> +     }
> +
>       if (!c->is_running(c)) {
>               fprintf(stderr, "%s is not running\n", my_args.name);
>               exit(EXIT_FAILURE);
> diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
> index f577e30..98cca32 100644
> --- a/src/lxc/lxc_create.c
> +++ b/src/lxc/lxc_create.c
> @@ -174,6 +174,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               exit(1);
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               exit(1);
> diff --git a/src/lxc/lxc_destroy.c b/src/lxc/lxc_destroy.c
> index a1f73ca..d50fcf1 100644
> --- a/src/lxc/lxc_destroy.c
> +++ b/src/lxc/lxc_destroy.c
> @@ -74,6 +74,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               exit(1);
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               exit(1);
> @@ -84,6 +87,11 @@ int main(int argc, char *argv[])
>               exit(1);
>       }
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> my_args.name);
> +             return -1;
> +     }
> +
>       if (!c->is_defined(c)) {
>               fprintf(stderr, "Container is not defined\n");
>               lxc_container_put(c);
> diff --git a/src/lxc/lxc_freeze.c b/src/lxc/lxc_freeze.c
> index 39483a6..92d7aa2 100644
> --- a/src/lxc/lxc_freeze.c
> +++ b/src/lxc/lxc_freeze.c
> @@ -59,6 +59,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               exit(1);
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               exit(1);
> @@ -69,6 +72,11 @@ int main(int argc, char *argv[])
>               exit(1);
>       }
>  
> +     if (!c->may_control(c)) {
> +             ERROR("Insufficent privileges to control %s:%s", 
> my_args.lxcpath[0], my_args.name);
> +             return -1;
> +     }
> +
>       if (!c->freeze(c)) {
>               ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], 
> my_args.name);
>               lxc_container_put(c);
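Review bot: The denial is reported through ERROR() here (and in lxc_cgroup.c and lxc_unfreeze.c), while the other tools in this patch print it with fprintf(stderr, ...). Since the first hunk of this file now defaults the log file to "none", it is worth confirming that ERROR() output still reaches the user's terminal; otherwise a refused freeze would exit with no visible reason. If it does not, `fprintf(stderr, "Insufficient privileges to control %s:%s\n", my_args.lxcpath[0], my_args.name);` would match the rest of the series.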
> diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
> index a4fa3e1..ac56287 100644
> --- a/src/lxc/lxc_info.c
> +++ b/src/lxc/lxc_info.c
> @@ -96,6 +96,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               return -1;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               return -1;
> @@ -104,6 +107,11 @@ int main(int argc, char *argv[])
>       if (!c)
>               return -1;
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> c->name);
> +             return -1;
> +     }
> +
>       if (!state && !pid && !ips && keys <= 0)
>               state = pid = ips = true;
>  
> diff --git a/src/lxc/lxc_kill.c b/src/lxc/lxc_kill.c
> index 3ed6e4e..8322b42 100644
> --- a/src/lxc/lxc_kill.c
> +++ b/src/lxc/lxc_kill.c
> @@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[])
>       if (ret)
>               return ret;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                          my_args.progname, my_args.quiet, my_args.lxcpath[0]);
>       if (ret)
> diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c
> index 00ab58b..0c27723 100644
> --- a/src/lxc/lxc_monitor.c
> +++ b/src/lxc/lxc_monitor.c
> @@ -67,6 +67,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               return -1;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               return -1;
> diff --git a/src/lxc/lxc_snapshot.c b/src/lxc/lxc_snapshot.c
> index c21563f..573804b 100644
> --- a/src/lxc/lxc_snapshot.c
> +++ b/src/lxc/lxc_snapshot.c
> @@ -160,6 +160,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               exit(1);
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (my_args.argc > 1) {
>               ERROR("Too many arguments");
>               return -1;
> @@ -184,6 +187,11 @@ int main(int argc, char *argv[])
>               exit(1);
>       }
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> my_args.name);
> +             return -1;
> +     }
> +
>       switch(action) {
>       case DO_SNAP:
>               ret = do_snapshot(c);
> diff --git a/src/lxc/lxc_stop.c b/src/lxc/lxc_stop.c
> index 77de7e5..7203d75 100644
> --- a/src/lxc/lxc_stop.c
> +++ b/src/lxc/lxc_stop.c
> @@ -145,6 +145,11 @@ int main(int argc, char *argv[])
>               goto out;
>       }
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> c->name);
> +             goto out;
> +     }
> +
>       if (!c->is_running(c)) {
>               fprintf(stderr, "%s is not running\n", c->name);
>               ret = 2;
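Review bot: The may_control failure jumps to `out` without assigning `ret`, unlike the is_running branch below it, which sets `ret = 2` first. ret's initial value and the `out:` label are outside the hunk, so if ret is still 0 at this point lxc-stop would report success after being refused. Setting it explicitly, e.g. `ret = 1;` before `goto out;`, makes the failure status independent of the initialiser.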
> diff --git a/src/lxc/lxc_unfreeze.c b/src/lxc/lxc_unfreeze.c
> index 0130224..4c499ec 100644
> --- a/src/lxc/lxc_unfreeze.c
> +++ b/src/lxc/lxc_unfreeze.c
> @@ -58,6 +58,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               exit(1);
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               exit(1);
> @@ -68,6 +71,11 @@ int main(int argc, char *argv[])
>               exit(1);
>       }
>  
> +     if (!c->may_control(c)) {
> +             ERROR("Insufficent privileges to control %s:%s", 
> my_args.lxcpath[0], my_args.name);
> +             return -1;
> +     }
> +
>       if (!c->unfreeze(c)) {
>               ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], 
> my_args.name);
>               lxc_container_put(c);
> diff --git a/src/lxc/lxc_wait.c b/src/lxc/lxc_wait.c
> index 4669cee..0a3487f 100644
> --- a/src/lxc/lxc_wait.c
> +++ b/src/lxc/lxc_wait.c
> @@ -85,6 +85,9 @@ int main(int argc, char *argv[])
>       if (lxc_arguments_parse(&my_args, argc, argv))
>               return -1;
>  
> +     if (!my_args.log_file)
> +             my_args.log_file = "none";
> +
>       if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>                        my_args.progname, my_args.quiet, my_args.lxcpath[0]))
>               return -1;
> @@ -93,6 +96,11 @@ int main(int argc, char *argv[])
>       if (!c)
>               return -1;
>  
> +     if (!c->may_control(c)) {
> +             fprintf(stderr, "Insufficent privileges to control %s\n", 
> c->name);
> +             return -1;
> +     }
> +
>       if (!c->wait(c, my_args.states, my_args.timeout)) {
>               lxc_container_put(c);
>               return -1;
> -- 
> 1.8.3.2
> 
> 
