From 4a2ca8b2ba4b9820a3e3e26e2cf081c17d8737f9 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Thu, 2 Feb 2012 15:54:53 -0600
Subject: [PATCH] lxc-start: exit early and cleanly if we have insufficient
 privs

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---
 src/lxc/caps.c  | 39 +++++++++++++++++++++++++++++++++++++++
 src/lxc/caps.h  |  1 +
 src/lxc/start.c |  7 +++++++
 3 files changed, 47 insertions(+)

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 1610002ac..10a0b4aac 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -213,3 +213,42 @@ int lxc_caps_last_cap(void)
 
 	return last_cap;
 }
+
+/*
+ * check if we have the caps needed to start a container.  returns 1 on
+ * success, 0 on error.  (I'd prefer this be a bool, but am afraid that
+ * might fail to build on some distros).
+ */
+int lxc_caps_check(void)
+{
+	uid_t uid = getuid();
+	cap_t caps;
+	cap_flag_value_t value;
+	int i, ret;
+
+	cap_value_t needed_caps[] = { CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SETUID, CAP_SETGID };
+
+#define NUMCAPS ((int) (sizeof(needed_caps) / sizeof(cap_t)))
+
+	if (!uid)
+		return 1;
+
+	caps = cap_get_proc();
+	if (!caps) {
+		ERROR("failed to cap_get_proc: %m");
+		return 0;
+	}
+
+	for (i=0; i<NUMCAPS; i++) {
+		ret = cap_get_flag(caps, needed_caps[i], CAP_EFFECTIVE, &value);
+		if (ret) {
+			ERROR("Failed to cap_get_flag: %m");
+			return 0;
+		}
+		if (!value) {
+			return 0;
+		}
+	}
+
+	return 1;
+}
diff --git a/src/lxc/caps.h b/src/lxc/caps.h
index e4e0d425e..0cf846083 100644
--- a/src/lxc/caps.h
+++ b/src/lxc/caps.h
@@ -27,6 +27,7 @@ extern int lxc_caps_reset(void);
 extern int lxc_caps_down(void);
 extern int lxc_caps_up(void);
 extern int lxc_caps_init(void);
+extern int lxc_caps_check(void);
 
 extern int lxc_caps_last_cap(void);
 
diff --git a/src/lxc/start.c b/src/lxc/start.c
index eb7d01f9b..91ce5fa82 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -319,10 +319,17 @@ out_sigfd:
 	return -1;
 }
 
+extern int lxc_caps_check(void);
+
 struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf)
 {
 	struct lxc_handler *handler;
 
+	if (!lxc_caps_check()) {
+		ERROR("Not running with sufficient privilege");
+		return NULL;
+	}
+
 	handler = malloc(sizeof(*handler));
 	if (!handler)
 		return NULL;
-- 
2.39.5