allow unpriviledged users to read lxc configuration
authorDietmar Maurer <dietmar@proxmox.com>
Wed, 15 Apr 2015 14:16:57 +0000 (16:16 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Wed, 15 Apr 2015 14:16:57 +0000 (16:16 +0200)
We need this to run unprivileged lxc containers.

data/src/cfs-utils.c
data/src/cfs-utils.h
data/src/pmxcfs.c

index 92d98aa40258a7c1ab7df166aace24eac563918d..d25b85897deda225d5589171178c3c3ec7565237 100644 (file)
@@ -308,6 +308,25 @@ path_is_private(const char *path)
        return FALSE;
 }
 
+gboolean
+path_is_lxc_conf(const char *path)
+{
+       while (*path == '/') path++;
+
+       if (strncmp(path, "nodes/", 6) == 0) {
+               const char *tmp = path + 6;
+               while(*tmp && *tmp != '/') tmp++;
+               if (*tmp == '/' && 
+                   (strncmp(tmp, "/lxc", 4) == 0) && 
+                   (tmp[4] == 0 || tmp[4] == '/')) {
+                       return TRUE;
+               }
+       }
+       
+       return FALSE;
+}
+
+
 gboolean
 path_is_lockdir(const char *path)
 {
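Review bot: `path_is_lxc_conf` has no comment saying what it matches, and the match is wider than the name suggests. It returns TRUE for `nodes/<name>/lxc` itself, for every path below it whatever the file name, and also for an empty node component (`nodes//lxc`). The getattr hunk in pmxcfs.c uses this result to grant read access to other users, so anything later stored under that directory becomes world-readable. The scope is worth pinning in a header comment such as `/* TRUE for nodes/<node>/lxc and everything below it; these paths are made readable by all local users */`. The leading `*tmp == '/'` test is redundant with the `strncmp(tmp, "/lxc", 4)` that follows and could be dropped.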
index b97214c83b4e2ecf14da0ed5fe232ed740813618..027156685886166438b1496c0118acb955838286 100644 (file)
@@ -112,6 +112,9 @@ atomic_write_file(
 gboolean
 path_is_private(const char *path);
 
+gboolean
+path_is_lxc_conf(const char *path);
+
 gboolean
 path_is_lockdir(const char *path);
 
index 4c079883aee8bbeca1838e5bb4099124f99ea5b8..bea2c47b11137c37623480149196a24362c98f19 100644 (file)
@@ -135,10 +135,19 @@ static int cfs_fuse_getattr(const char *path, struct stat *stbuf)
 
                stbuf->st_gid = cfs.gid;
 
-               stbuf->st_mode &= 0777750; // no access for other users
-
-               if (path_is_private(path))
+               if (path_is_private(path)) {
                        stbuf->st_mode &= 0777700;
+               } else {
+                       if (S_ISDIR(stbuf->st_mode) || S_ISLNK(stbuf->st_mode)) {
+                               stbuf->st_mode &= 0777755; // access for other users
+                       } else {
+                               if (path_is_lxc_conf(path)) {
+                                       stbuf->st_mode &= 0777755; // access for other users
+                               } else {
+                                       stbuf->st_mode &= 0777750; // no access for other users
+                               }
+                       }
+               }
        }
 
        cfs_debug("leave cfs_fuse_getattr %s (%d)", path, ret);
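Review bot: The new `S_ISDIR(...) || S_ISLNK(...)` branch opens every non-private directory and symlink to other users, not only those leading to `nodes/<node>/lxc`. Any local account can then list names across the whole tree, assuming the mount enforces these mode bits, which is not visible here. If only the lxc path needs to be reachable, the directory case could be limited to ancestors of that path; otherwise state the intent in a comment such as `/* all non-private directories are listable by others; only lxc config files are readable */`. The two identical `0777755` arms can also be merged into `if (S_ISDIR(stbuf->st_mode) || S_ISLNK(stbuf->st_mode) || path_is_lxc_conf(path))`, which removes one nesting level. cfs_fuse_getattr starts and ends outside this hunk.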