Commit graph

13 commits

Author SHA1 Message Date
Brandon Rhodes
43aa9bfb3e Avoid Timed out error when umask is 027 or 077
If LXC commands are run with a restrictive umask like 027 or 077, then
the root directory of new containers will lack read `r` and access `x`
permission for non-root users.  The first failure to result from this
during `vagrant up` is that the SSH daemon cannot read the crucial file
`/home/vagrant/.ssh/authorized_keys` after it drops privileges to the
level of the `vagrant` user.  The result is the familiar:

```
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.
```

So we should make sure that we run all LXC commands with a umask that at
least does not prevent group and world `r` and `x` bits from being set
in newly created files and directories.
2017-01-29 13:53:09 -05:00
Robert Heinzmann
544c061e65 Fix handling of non-fatal lxc-stop return code
Fixes #405
2016-05-11 16:50:29 -07:00
Robin Gloster
4c969a6ae7 fix sudo wrapper 2015-09-23 18:15:28 +00:00
Robin Gloster
4b78c04a47 Use /usr/bin/env CMD instead of hardcoded paths
This fixes commands that currently rely on hardcoded paths and break
on systems like NixOS that don't have all binaries in /usr/bin etc.
2015-08-02 10:15:55 +00:00
Fabio Rehm
d3b9d53097 driver/cli: Deal with namespaces args for lxc-attach when the sudo wrapper script is in place [GH-300] 2014-07-24 21:58:04 -03:00
Jef Mathiot
0eae5c0926 Removed unsecure calls to SudoWrapper#su_c. 2014-04-17 12:56:56 +02:00
Jef Mathiot
94e175dc07 sudoers command now creates a safe wrapper script.
Sudoers now creates a safe wrapper script that performs sanity checks on sudo :
* wrapper generated in /usr/local/bin (name includes version to allow multiple wrappers on the same system)
* sudoers command now generates a one-line file in /etc/sudoers.d
* SudoWrapper use the new wrapper
* Removed unused Config#validate method
2014-04-09 15:53:20 +02:00
Fabio Rehm
7e00b96520 Show something meaningful to the user in case the container already exists [GH-132] 2014-02-02 19:27:08 -02:00
Fabio Rehm
1c5c73b08a Fix sudo wrapper logger name 2013-11-06 01:10:40 -02:00
Vokhmin Alexey V
39515cc1da #157: small refactoring, updated specs 2013-10-12 02:15:12 +04:00
Vokhmin Alexey V
c5a89a54ce #157: Fixed: FetchIpFromDnsmasqLeases returns [] 2013-10-12 02:04:29 +04:00
Fabio Rehm
5f102d3e10 First stab at persisting lxc customizations on config file instead of using lxc-start "-s" parameter 2013-07-29 12:12:41 -03:00
Fabio Rehm
d62a053674 Add support for using a sudo wrapper script
Closes #90
2013-07-28 02:17:07 -03:00