lxc_start: exit early if insufficient privs in daemon mode

Starting a container with insufficient privilege (correctly) fails
during lxc_init.  However, if starting a daemonized container, we
daemonize before we get to that check.  Therefore while the
container will fail to start, and the logfile will show this, the
'lxc-start -n x -d' command will return success.  For ease of
scripting, do a check for the required privilege before we exit.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index 755944435fa6794ae0133730b38668a379b99089..81a5774c4672df89a8f48c323e364d91d33e9806 100644 (file)
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -199,9 +199,19 @@ int main(int argc, char *argv[])
                free(console);
        }
 
-       if (my_args.daemonize && daemon(0, 0)) {
-               SYSERROR("failed to daemonize '%s'", my_args.name);
-               return err;
+       if (my_args.daemonize) {
+               /* do an early check for needed privs, since otherwise the
+                * user won't see the error */
+
+               if (!lxc_caps_check()) {
+                       ERROR("Not running with sufficient privilege");
+                       return err;
+               }
+
+               if (daemon(0, 0)) {
+                       SYSERROR("failed to daemonize '%s'", my_args.name);
+                       return err;
+               }
        }
 
        if (my_args.close_all_fds)