author Andrian Nord <nightnord@gmail.com> 2009-11-26 16:46:25 +0100
committer Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> 2009-12-11 17:49:28 +0100
commit 58ed8c8138246043b0ce0a503939ef84f6de02e3 (patch)
tree 9874cf15b85b36f2ae5f608c09f260bcd47843fe
parent pass lxc_conf to the lxc_start function instead of the rcfile (diff)
"Default" configuration may destroy host system
lxc_0_6_4-gentoo-1
If you're running (by mistake or typo) (via lxc-start) a container that does not exist, it will run with lxc.rootfs=/, meaning that /sbin/init will restart the initialization procedure, efficiently messing up the host's system, which may lead to unpredictable results or even destroy (make inaccessible) the host system (by resetting network configuration or something like that). (Actually, it _did_ destroy the system of everyone who tested this.)

Actually, I finally lost any meaning of having such a feature for full-system containers. You may not use the host's FS - it's described above. You may not use some temporary directory - that's nonsense.

This patch forbids starting a container via lxc-start without an rcfile and custom start program, but probably it fixes only a small part of the problem. I really don't see much sense in such a feature without the ability to override the 'default' setting with command line switches.

Anyway, default behaviour should be as safe as possible.

Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
-rw-r--r-- src/lxc/lxc_start.c 5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index b8d03e8..d2471eb 100644
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -173,6 +173,11 @@ int main(int argc, char *argv[])
return err;
}
+ if (!rcfile && !strcmp("/sbin/init", args[0])) {
+ ERROR("no configuration file for '/sbin/init' (may crash the host)");
+ return err;
+ }
+
if (my_args.daemonize) {
/* do not chdir as we want to open the log file,
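Review bot: the new branch ends in `return err;`, but nothing in the visible lines sets err to a failure value after the preceding check, so when that check has passed, lxc-start may exit with whatever status err still holds (possibly zero) right after printing the error; return an explicit failure code from this branch instead. The test also matches only the literal string "/sbin/init" in args[0], so any other init path started without an rcfile is not caught and would still run with lxc.rootfs=/ as the commit message describes; that limitation deserves a comment above the check, since the message itself calls this only a partial fix.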