Improve behaviour for unprivileged users

This mostly changes two things:
 - Only log to the container's logfile on start/stop/restart/execute
 - Call may_control() every time we use the API and return
   "Insufficient privileges" on failure.

NOTE: I didn't test every single one of those but I'm fairly confident
      in my copy/paste abilities and I confirmed they all build fine at least.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

src/lxc/lxc_attach.c

@@ -188,6 +188,9 @@ int main(int argc, char *argv[])
 	if (ret)
 		return ret;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
 	if (ret)

src/lxc/lxc_cgroup.c

@@ -70,6 +70,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		return -1;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		return -1;
@@ -79,6 +82,12 @@ int main(int argc, char *argv[])
 	c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
 	if (!c)
 		return -1;
+
+	if (!c->may_control(c)) {
+		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+		return -1;
+	}
+
 	if (!c->is_running(c)) {
 		ERROR("'%s:%s' is not running", my_args.lxcpath[0], my_args.name);
 		lxc_container_put(c);

src/lxc/lxc_checkpoint.c

@@ -115,6 +115,9 @@ int main(int argc, char *argv[])
 	if (ret)
 		return ret;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
 	if (ret)

src/lxc/lxc_clone.c

@@ -160,6 +160,12 @@ int main(int argc, char *argv[])
 	c1 = lxc_container_new(orig, lxcpath);
 	if (!c1)
 		exit(1);
+
+	if (!c1->may_control(c1)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", orig);
+		return -1;
+	}
+
 	if (!c1->is_defined(c1)) {
 		fprintf(stderr, "Error: container %s is not defined\n", orig);
 		lxc_container_put(c1);

src/lxc/lxc_console.c

@@ -97,6 +97,9 @@ int main(int argc, char *argv[])
 	if (ret)
 		return EXIT_FAILURE;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
 	if (ret)
@@ -108,6 +111,11 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+		return -1;
+	}
+
 	if (!c->is_running(c)) {
 		fprintf(stderr, "%s is not running\n", my_args.name);
 		exit(EXIT_FAILURE);

src/lxc/lxc_create.c

@@ -174,6 +174,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		exit(1);
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		exit(1);

src/lxc/lxc_destroy.c

@@ -74,6 +74,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		exit(1);
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		exit(1);
@@ -84,6 +87,11 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+		return -1;
+	}
+
 	if (!c->is_defined(c)) {
 		fprintf(stderr, "Container is not defined\n");
 		lxc_container_put(c);

src/lxc/lxc_freeze.c

@@ -59,6 +59,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		exit(1);
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		exit(1);
@@ -69,6 +72,11 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 
+	if (!c->may_control(c)) {
+		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+		return -1;
+	}
+
 	if (!c->freeze(c)) {
 		ERROR("Failed to freeze %s:%s", my_args.lxcpath[0], my_args.name);
 		lxc_container_put(c);

src/lxc/lxc_info.c

@@ -96,6 +96,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		return -1;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		return -1;
@@ -104,6 +107,11 @@ int main(int argc, char *argv[])
 	if (!c)
 		return -1;
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+		return -1;
+	}
+
 	if (!state && !pid && !ips && keys <= 0)
 		state = pid = ips = true;
 

src/lxc/lxc_kill.c

@@ -61,6 +61,9 @@ int main(int argc, char *argv[], char *envp[])
 	if (ret)
 		return ret;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			   my_args.progname, my_args.quiet, my_args.lxcpath[0]);
 	if (ret)

src/lxc/lxc_monitor.c

@@ -67,6 +67,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		return -1;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		return -1;

src/lxc/lxc_snapshot.c

@@ -160,6 +160,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		exit(1);
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (my_args.argc > 1) {
 		ERROR("Too many arguments");
 		return -1;
@@ -184,6 +187,11 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", my_args.name);
+		return -1;
+	}
+
 	switch(action) {
 	case DO_SNAP:
 		ret = do_snapshot(c);

src/lxc/lxc_stop.c

@@ -145,6 +145,11 @@ int main(int argc, char *argv[])
 		goto out;
 	}
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+		goto out;
+	}
+
 	if (!c->is_running(c)) {
 		fprintf(stderr, "%s is not running\n", c->name);
 		ret = 2;

src/lxc/lxc_unfreeze.c

@@ -58,6 +58,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		exit(1);
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		exit(1);
@@ -68,6 +71,11 @@ int main(int argc, char *argv[])
 		exit(1);
 	}
 
+	if (!c->may_control(c)) {
+		ERROR("Insufficent privileges to control %s:%s", my_args.lxcpath[0], my_args.name);
+		return -1;
+	}
+
 	if (!c->unfreeze(c)) {
 		ERROR("Failed to unfreeze %s:%s", my_args.lxcpath[0], my_args.name);
 		lxc_container_put(c);

src/lxc/lxc_wait.c

@@ -85,6 +85,9 @@ int main(int argc, char *argv[])
 	if (lxc_arguments_parse(&my_args, argc, argv))
 		return -1;
 
+	if (!my_args.log_file)
+		my_args.log_file = "none";
+
 	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
 			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
 		return -1;
@@ -93,6 +96,11 @@ int main(int argc, char *argv[])
 	if (!c)
 		return -1;
 
+	if (!c->may_control(c)) {
+		fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
+		return -1;
+	}
+
 	if (!c->wait(c, my_args.states, my_args.timeout)) {
 		lxc_container_put(c);
 		return -1;