[pve-devel] [PATCH container] pct attach: always run /bin/sh

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Aug 1 10:36:35 CEST 2019


On Mon, Jul 29, 2019 at 04:43:11PM +0200, Fabian Grünbichler wrote:
> On Mon, Jul 29, 2019 at 10:59:09AM +0200, Wolfgang Bumiller wrote:
> > By default lxc-attach will try to find the user's shell via
> > getpwuid_r(), and if this fails will run `getent passwd
> > $uid`.
> > 
> > The first part is problematic in that it may try to
> > dynamically load additional libraries at runtime, and
> > glibc/libnss in buster seem to be buggy in a way that causes
> > a segfault instead of properly returning an error.
> > 
> > For now, work around this by forcing the execution of
> > /bin/sh instead.
> 
> After a bit of consideration, I think I'd actually prefer to fix this on
> the LXC side (maybe as hotfix by patching out the problematic getpwuid_r
> call? the fallback for getent also failing is to use /bin/sh ;))
> 
> /bin/sh is dash on Debian, and the root shell is usually bash, so this
> patch as-is would change 'pct enter' behaviour quite dramatically for
> many users..

And by 'fix' you mean always use `getent`? Because the "bug" here is in
glibc/libnss crashing instead of returning an error.
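
The fallback chain discussed in this thread (getpwuid_r(), then `getent passwd $uid`, then /bin/sh) comes down to reading the shell field out of a passwd line. The C helper below is an added example, not part of the thread and not LXC's code; it does this for the `getent` output, and the function name `shell_from_passwd_line` and the absolute-path check are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper (not LXC code): given one passwd(5) line as printed by
 * `getent passwd <uid>`, write the login shell to out. Falls back to /bin/sh
 * for a malformed line, another uid, or an empty or relative shell field. */
const char *shell_from_passwd_line(const char *line, uid_t uid,
                                   char *out, size_t outlen)
{
    const char *field[7], *p = line;
    size_t len[7];
    char *end;
    int n = 0;
    snprintf(out, outlen, "/bin/sh");
    if (!line)
        return out;
    /* Split on ':' by hand: strtok() would merge empty fields (an empty
     * GECOS, say) and shift the shell out of column 7. */
    while (n < 7) {
        len[n] = strcspn(p, ":\n");
        field[n] = p;
        p += len[n];
        n++;
        if (*p != ':')
            break;
        p++;
    }
    if (n != 7 || field[6][len[6]] == ':')
        return out;                       /* wrong number of fields */
    if (field[2][0] < '0' || field[2][0] > '9' ||
        strtoul(field[2], &end, 10) != (unsigned long)uid ||
        end != field[2] + len[2])
        return out;                       /* not the uid we asked for */
    if (len[6] == 0 || field[6][0] != '/' || len[6] >= outlen)
        return out;                       /* unusable shell field */
    memcpy(out, field[6], len[6]);
    out[len[6]] = '\0';
    return out;
}

int main(void)
{
    char buf[64];   /* sample line below is constructed */
    puts(shell_from_passwd_line("svc:x:1000:1000::/home/svc:/bin/zsh\n",
                                1000, buf, sizeof buf));
    return 0;
}
```

Parsing the text that `getent` prints keeps the NSS lookup in a separate process, so a crash in that lookup shows up as missing output and the caller can still fall back to /bin/sh.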



