Hide container-manager command and print out a warning when not called as root

src/anbox/cli.cpp

@@ -78,9 +78,11 @@ cli::Usage cli::Command::usage() const { return usage_; }
 
 cli::Description cli::Command::description() const { return description_; }
 
+bool cli::Command::hidden() const { return hidden_; }
+
 cli::Command::Command(const cli::Name& name, const cli::Usage& usage,
-                      const cli::Description& description)
-    : name_(name), usage_(usage), description_(description) {}
+                      const cli::Description& description, bool hidden)
+    : name_(name), usage_(usage), description_(description), hidden_(hidden) {}
 
 cli::CommandWithSubcommands::CommandWithSubcommands(
     const Name& name, const Usage& usage, const Description& description)
@@ -117,7 +119,7 @@ void cli::CommandWithSubcommands::help(std::ostream& out) {
     out << std::endl
         << pattern::commands << std::endl;
     for (const auto& cmd : commands_) {
-      if (cmd.second)
+      if (cmd.second && !cmd.second->hidden())
         out << boost::format(pattern::command) % cmd.second->name() %
                    cmd.second->description()
             << std::endl;
@@ -168,8 +170,8 @@ int cli::CommandWithSubcommands::run(const cli::Command::Context& ctxt) {
 }
 
 cli::CommandWithFlagsAndAction::CommandWithFlagsAndAction(
-    const Name& name, const Usage& usage, const Description& description)
-    : Command{name, usage, description} {}
+    const Name& name, const Usage& usage, const Description& description, bool hidden)
+    : Command{name, usage, description, hidden} {}
 
 cli::CommandWithFlagsAndAction& cli::CommandWithFlagsAndAction::flag(
     const Flag::Ptr& flag) {

src/anbox/cli.h

@@ -243,6 +243,9 @@ class Command : public DoNotCopyOrMove {
   /// @brief description returns a longer string explaining the command.
   virtual Description description() const;
 
+  /// @brief hidden returns if the command is hidden from the user or not.
+  virtual bool hidden() const;
+
   /// @brief run puts the command to execution.
   virtual int run(const Context& context) = 0;
 
@@ -252,7 +255,7 @@ class Command : public DoNotCopyOrMove {
  protected:
   /// @brief Command initializes a new instance with the given name, usage and
   /// description.
-  Command(const Name& name, const Usage& usage, const Description& description);
+  Command(const Name& name, const Usage& usage, const Description& description, bool hidden = false);
 
   /// @brief name adjusts the name of the command to n.
   // virtual void name(const Name& n);
@@ -265,6 +268,7 @@ class Command : public DoNotCopyOrMove {
   Name name_;
   Usage usage_;
   Description description_;
+  bool hidden_;
 };
 
 /// @brief CommandWithSubcommands implements Command, selecting one of a set of
@@ -275,7 +279,7 @@ class CommandWithSubcommands : public Command {
   typedef std::function<int(const Context&)> Action;
 
   /// @brief CommandWithSubcommands initializes a new instance with the given
-  /// name, usage and description
+  /// name, usage and description.
   CommandWithSubcommands(const Name& name, const Usage& usage,
                          const Description& description);
 
@@ -302,9 +306,9 @@ class CommandWithFlagsAndAction : public Command {
   typedef std::function<int(const Context&)> Action;
 
   /// @brief CommandWithFlagsAndAction initializes a new instance with the given
-  /// name, usage and description
+  /// name, usage and description. Optionally the command can be marked as hidden.
   CommandWithFlagsAndAction(const Name& name, const Usage& usage,
-                            const Description& description);
+                            const Description& description, bool hidden = false);
 
   /// @brief flag adds the given flag to the set of known flags.
   CommandWithFlagsAndAction& flag(const Flag::Ptr& flag);

src/anbox/cmds/container_manager.cpp

@@ -37,7 +37,7 @@ constexpr unsigned int unprivileged_user_id{100000};
 anbox::cmds::ContainerManager::ContainerManager()
     : CommandWithFlagsAndAction{
           cli::Name{"container-manager"}, cli::Usage{"container-manager"},
-          cli::Description{"Start the container manager service"}} {
+          cli::Description{"Start the container manager service"}, true} {
 
   flag(cli::make_flag(cli::Name{"android-image"},
                       cli::Description{"Path to the Android rootfs image file if not stored in the data path"},
@@ -51,6 +51,13 @@ anbox::cmds::ContainerManager::ContainerManager()
 
   action([&](const cli::Command::Context&) {
     try {
+      if (getuid() != 0) {
+        ERROR("You're not running the container-manager as root. Generally you don't");
+        ERROR("want to run the container-manager manually unless you're a developer");
+        ERROR("as it is started by the init system of your operating system.");
+        return EXIT_FAILURE;
+      }
+
       auto trap = core::posix::trap_signals_for_process(
           {core::posix::Signal::sig_term, core::posix::Signal::sig_int});
       trap->signal_raised().connect([trap](const core::posix::Signal& signal) {