Ensure non-root can read /proc/meminfo file in LXC containers

By default files in a FUSE mount can only be accessed by the user which created them, even if the file permissions would otherwise allow it. To allow other users to access the FUSE mount the 'allow_other' mount option must be used. This bug prevented non-root users in an LXC container from reading the /proc/meminfo file. https://bugzilla.redhat.com/show_bug.cgi?id=967977Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

Ensure non-root can read /proc/meminfo file in LXC containers
By default files in a FUSE mount can only be accessed by the user which created them, even if the file permissions would otherwise allow it. To allow other users to access the FUSE mount the 'allow_other' mount option must be used. This bug prevented non-root users in an LXC container from reading the /proc/meminfo file. https://bugzilla.redhat.com/show_bug.cgi?id=967977Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
922ebe4e · Daniel P. Berrange · 61e672b2 · 922ebe4e
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

src/lxc/lxc_fuse.c src/lxc/lxc_fuse.c +1 -0

未找到文件。
--- a/src/lxc/lxc_fuse.c
+++ b/src/lxc/lxc_fuse.c
@@ -307,6 +307,7 @@ int lxcSetupFuse(virLXCFusePtr *f, virDomainDefPtr def)
    /* process name is libvirt_lxc */
    if (fuse_opt_add_arg(&args, "libvirt_lxc") == -1 ||
        fuse_opt_add_arg(&args, "-odirect_io") == -1 ||
+        fuse_opt_add_arg(&args, "-oallow_other") == -1 ||
        fuse_opt_add_arg(&args, "-ofsname=libvirt") == -1)
        goto cleanup1;