We need this to run unprivileged lxc containers.
return FALSE;
}
+gboolean
+path_is_lxc_conf(const char *path)
+{
+ while (*path == '/') path++;
+
+ if (strncmp(path, "nodes/", 6) == 0) {
+ const char *tmp = path + 6;
+ while(*tmp && *tmp != '/') tmp++;
+ if (*tmp == '/' &&
+ (strncmp(tmp, "/lxc", 4) == 0) &&
+ (tmp[4] == 0 || tmp[4] == '/')) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+
gboolean
path_is_lockdir(const char *path)
{
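Review bot: `path_is_lxc_conf()` matches `nodes/<node>/lxc` and everything beneath it, not only config files, and nothing in the function says so. Because the getattr change uses it to decide which regular files other users may read, the scope deserves a header comment such as `/* TRUE for "nodes/<node>/lxc" and any path below it; such files are reported as readable by other users */`. The function also accepts an empty node name (`nodes//lxc`), since the scan loop can stop without advancing; adding `tmp != path + 6 &&` to the condition would reject that, though such a path may never reach this function in practice. The explicit `*tmp == '/'` test is redundant with the `strncmp(tmp, "/lxc", 4)` that follows it.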
gboolean
path_is_private(const char *path);
+gboolean
+path_is_lxc_conf(const char *path);
+
gboolean
path_is_lockdir(const char *path);
stbuf->st_gid = cfs.gid;
- stbuf->st_mode &= 0777750; // no access for other users
-
- if (path_is_private(path))
+ if (path_is_private(path)) {
stbuf->st_mode &= 0777700;
+ } else {
+ if (S_ISDIR(stbuf->st_mode) || S_ISLNK(stbuf->st_mode)) {
+ stbuf->st_mode &= 0777755; // access for other users
+ } else {
+ if (path_is_lxc_conf(path)) {
+ stbuf->st_mode &= 0777755; // access for other users
+ } else {
+ stbuf->st_mode &= 0777750; // no access for other users
+ }
+ }
+ }
}
cfs_debug("leave cfs_fuse_getattr %s (%d)", path, ret);
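Review bot: The new `else` branch keeps the other-user bits on every non-private directory and symlink, not just on the `lxc` subtree the commit message is about. If the mount enforces these mode bits (the mount options are not visible here), any local account can then list entry names across the whole tree, so a comment stating that this wider exposure is intended would help the next reviewer. On the `path_is_lxc_conf(path)` branch only regular files arrive, so read access should suffice; `stbuf->st_mode &= 0777754;` would avoid keeping an other-execute bit if the underlying mode ever carries one. The two branches that apply `0777755` could otherwise be merged into one condition, `S_ISDIR(stbuf->st_mode) || S_ISLNK(stbuf->st_mode) || path_is_lxc_conf(path)`. The body of cfs_fuse_getattr starts outside this hunk, so the mode the masks are applied to is not visible.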