src/lxc/lxc-setuid.in

   1 #!/bin/bash
   2
   3 #
   4 # lxc: linux Container library
   5
   6 # Authors:
   7 # Daniel Lezcano <daniel.lezcano@free.fr>
   8
   9 # This library is free software; you can redistribute it and/or
  10 # modify it under the terms of the GNU Lesser General Public
  11 # License as published by the Free Software Foundation; either
  12 # version 2.1 of the License, or (at your option) any later version.
  13
  14 # This library is distributed in the hope that it will be useful,
  15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17 # Lesser General Public License for more details.
  18
  19 # You should have received a copy of the GNU Lesser General Public
  20 # License along with this library; if not, write to the Free Software
  21 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  22
  23 #
  24 # This script allows to set or remove the setuid execution bit on the lxc tools.
  25 # When the capabilities are set, a non root user can manage the containers.
  26 #
  27
  28 usage() {
  29     echo "usage: $(basename $0) [-d]" >&2
  30 }
  31
  32 help() {
  33     usage
  34     echo >&2
  35     echo "Set or drop the setuid attribute on the lxc tools." >&2
  36     echo >&2
  37     echo "Options:" >&2
  38     echo "  -d   drop the setuid attribute" >&2
  39 }
  40
  41 setuid()
  42 {
  43     if [ "$1" = "-r" ]; then
  44         chmod -s $2
  45     else
  46         chmod +s $1
  47     fi
  48 }
  49
  50 lxc_setuid()
  51 {
  52     setuid @BINDIR@/lxc-attach
  53     setuid @BINDIR@/lxc-create
  54     setuid @BINDIR@/lxc-execute
  55     setuid @BINDIR@/lxc-start
  56     setuid @BINDIR@/lxc-restart
  57     setuid @BINDIR@/lxc-unshare
  58     setuid @BINDIR@/lxc-netstat
  59     setuid @BINDIR@/lxc-checkpoint
  60     setuid @LXCINITDIR@/lxc-init
  61
  62     test -e @LXCPATH@ || mkdir -p @LXCPATH@
  63     chmod 0777 @LXCPATH@
  64 }
  65
  66 lxc_dropuid()
  67 {
  68     setuid -r @BINDIR@/lxc-attach
  69     setuid -r @BINDIR@/lxc-create
  70     setuid -r @BINDIR@/lxc-execute
  71     setuid -r @BINDIR@/lxc-start
  72     setuid -r @BINDIR@/lxc-restart
  73     setuid -r @BINDIR@/lxc-unshare
  74     setuid -r @BINDIR@/lxc-netstat
  75     setuid -r @BINDIR@/lxc-checkpoint
  76     setuid -r @LXCINITDIR@/lxc-init
  77
  78     chmod 0755 @LXCPATH@
  79 }
  80
  81 shortoptions='hd'
  82 longoptions='help'
  83
  84 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
  85 if [ $? != 0 ]; then
  86     usage
  87     exit 1
  88 fi
  89
  90 eval set -- "$getopt"
  91
  92 while true; do
  93     case "$1" in
  94         -d)
  95             LXC_DROP_CAPS="yes"
  96             shift
  97             ;;
  98         -h|--help)
  99             help
 100             exit 0
 101             ;;
 102         --)
 103             shift
 104             break
 105             ;;
 106         *)
 107             usage
 108             exit 1
 109             ;;
 110     esac
 111 done;
 112
 113 if [ "$(id -u)" != "0" ]; then
 114    echo "$(basename $0): must be run as root" >&2
 115    exit 1
 116 fi
 117
 118 if [ -z "$LXC_DROP_CAPS" ]; then
 119     lxc_setuid
 120 else
 121     lxc_dropuid
 122 fi