[pve-devel] applied: [PATCH container v3] Create: fix architecture detection in restore_archive
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Feb 17 09:08:11 CET 2017
applied
On Thu, Feb 16, 2017 at 05:55:29PM +0100, Thomas Lamprecht wrote:
> For detecting a CT templates architecture we used the `file -b -L`
> output from the PVE host side.
> If the container has a link:
> /bin/sh -> /bin/bash
> (Alpine Linux does that, for example) the '-L' flag from file
> resolves the $rootfs/bin/sh to /bin/bash and thus checks the
> architecture of bash on the PVE system, which is always 64 bit.
>
> Add a helper which chroots in the rootfs to avoid problems with
> absolute symlinks and use 'open' to avoid relative symlink problems
> read the first 5 bytes from /bin/sh, 4 bytes for the ELF magic number
> and the fifth for the ELF class, which tells us if we have a 32
> (class 1) or 64 (class 2) bit ELF binary.
>
> Return this information as an exit code to the parent.
>
> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
> ---
>
> changes v2 -> v3:
> * add check for whenn waitpid could be interupted by a signal
>
> The refactoring out of common components from this and
> LXC::Setup::protected_call is, imo, currently not really useful
> as while both have a fork and chroot call they handle a lot different besides
> that.
>
> Here I communicate the class over the exit code from the child, incorporating
> or allowing this in a general forked_call seems not feasible as such behavior
> is really specific and not easily merge able with such a generic written method
> as protected_call is, imo.
>
> Also the protected call needs recursion protection, and adds devices in the
> chroot environment, this can be done nonetheless but with this restrictions the
> end result seems worse than just letting both, protected_call and get_elf_class
> coexist.
>
> src/PVE/LXC/Create.pm | 71 ++++++++++++++++++++++++++++++++++++++++-----------
> 1 file changed, 56 insertions(+), 15 deletions(-)
>
> diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
> index 1f1ece1..d93159c 100644
> --- a/src/PVE/LXC/Create.pm
> +++ b/src/PVE/LXC/Create.pm
> @@ -11,6 +11,7 @@ use PVE::LXC;
> use PVE::LXC::Setup;
> use PVE::VZDump::ConvertOVZ;
> use PVE::Tools;
> +use POSIX;
>
> sub next_free_nbd_dev {
>
> @@ -23,6 +24,49 @@ sub next_free_nbd_dev {
> die "unable to find free nbd device\n";
> }
>
> +sub get_elf_class {
> + my ($rootdir, $elf_fn) = @_;
> +
> + my $child_pid = fork();
> + die "fork failed: $!\n" if !defined($child_pid);
> +
> + if (!$child_pid) {
> + # chroot avoids a problem where we check the binary of the host system
> + # if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
> + chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
> + chdir('/') or die "failed to change to root directory\n";
> +
> + my $fh;
> + open($fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
> + binmode($fh);
> +
> + my $data;
> + my $length = read($fh, $data, 5);
> + die "read failed: $!\n" if !defined($length);
> +
> + # 4 bytes ELF magic number and 1 byte ELF class
> + my ($magic, $class) = unpack("A4C", $data);
> +
> + die "'$elf_fn' does not resolve to an ELF!\n"
> + if (!defined($class) || !defined($magic) || $magic ne "\177ELF");
> +
> + die "'$elf_fn' has unknown ELF class '$class'!\n"
> + if ($class != 1 && $class != 2);
> +
> + POSIX::_exit($class);
> + }
> +
> + while (waitpid($child_pid, 0) != $child_pid) {}
> + my $exit_code = $?;
> + if (my $sig = ($exit_code & 127)) {
> + warn "could not get architecture, got signal $sig\n";
> + } else {
> + $exit_code >>= 8;
> + }
> +
> + return $exit_code;
> +}
> +
> sub restore_archive {
> my ($archive, $rootdir, $conf, $no_unpack_error) = @_;
>
> @@ -53,21 +97,18 @@ sub restore_archive {
> # if arch is set, we do not try to autodetect it
> return if defined($conf->{arch});
>
> - # determine file type of /usr/bin/file itself to get guests' architecture
> - $cmd = [@$userns_cmd, '/usr/bin/file', '-b', '-L', "$rootdir/bin/sh"];
> - PVE::Tools::run_command($cmd, outfunc => sub {
> - shift =~ /^ELF (\d{2}-bit)/; # safely assumes x86 linux
> - my $arch_str = $1;
> - $conf->{'arch'} = 'amd64'; # defaults to 64bit
> - if(defined($arch_str)) {
> - $conf->{'arch'} = 'i386' if $arch_str =~ /32/;
> - print "Detected container architecture: $conf->{'arch'}\n";
> - } else {
> - print "CT architecture detection failed, falling back to amd64.\n" .
> - "Edit the config in /etc/pve/nodes/{node}/lxc/{vmid}.conf " .
> - "to set another architecture.\n";
> - }
> - });
> +
> + my $elf_class = get_elf_class($rootdir, '/bin/sh'); # /bin/sh is POSIX mandatory
> +
> + $conf->{'arch'} = 'amd64'; # defaults to 64bit
> + if ($elf_class == 1 || $elf_class == 2) {
> + $conf->{'arch'} = 'i386' if $elf_class == 1;
> + print "Detected container architecture: $conf->{'arch'}\n";
> + } else {
> + print "CT architecture detection failed, falling back to amd64.\n" .
> + "Edit the config in /etc/pve/nodes/{node}/lxc/{vmid}.conf " .
> + "to set another architecture.\n";
> + }
> }
>
> sub recover_config {
> --
> 2.1.4
More information about the pve-devel
mailing list