]> git.proxmox.com Git - mirror_lxc.git/commitdiff
lxc_start: exit early if insufficient privs in daemon mode
authorSerge Hallyn <serge.halyn@ubuntu.com>
Tue, 21 Aug 2012 15:05:19 +0000 (10:05 -0500)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 25 Oct 2012 08:07:30 +0000 (10:07 +0200)
Starting a container with insufficient privilege (correctly) fails
during lxc_init.  However, if starting a daemonized container, we
daemonize before we get to that check.  Therefore while the
container will fail to start, and the logfile will show this, the
'lxc-start -n x -d' command will return success.  For ease of
scripting, do a check for the required privilege before we exit.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
src/lxc/lxc_start.c

index 755944435fa6794ae0133730b38668a379b99089..81a5774c4672df89a8f48c323e364d91d33e9806 100644 (file)
@@ -199,9 +199,19 @@ int main(int argc, char *argv[])
                free(console);
        }
 
-       if (my_args.daemonize && daemon(0, 0)) {
-               SYSERROR("failed to daemonize '%s'", my_args.name);
-               return err;
+       if (my_args.daemonize) {
+               /* do an early check for needed privs, since otherwise the
+                * user won't see the error */
+
+               if (!lxc_caps_check()) {
+                       ERROR("Not running with sufficient privilege");
+                       return err;
+               }
+
+               if (daemon(0, 0)) {
+                       SYSERROR("failed to daemonize '%s'", my_args.name);
+                       return err;
+               }
        }
 
        if (my_args.close_all_fds)