[pve-devel] [PATCH container] pct attach: always run /bin/sh

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Aug 1 11:16:17 CEST 2019


On Thu, Aug 01, 2019 at 10:36:35AM +0200, Wolfgang Bumiller wrote:
> On Mon, Jul 29, 2019 at 04:43:11PM +0200, Fabian Grünbichler wrote:
> > On Mon, Jul 29, 2019 at 10:59:09AM +0200, Wolfgang Bumiller wrote:
> > > By default lxc-attach will try to find the user's shell via
> > > getpwuid_r(), and if this fails will run `getent passwd
> > > $uid`.
> > > 
> > > The first part is problematic in that it may try to
> > > dynamically load additional libraries at runtime, and,
> > > glibc/libnss in buster seem to be buggy in a way that causes
> > > a segfault instead of properly returning an error.
> > > 
> > > For now, work around this by forcing the execution of
> > > /bin/sh instead.
> > 
> > After a bit of consideration, I think I'd actually prefer to fix this on
> > the LXC side (maybe as hotfix by patching out the problematic getpwuid_r
> > call? the fallback for getent also failing is to use /bin/sh ;))
> > 
> > /bin/sh is dash on Debian, and the root shell is usually bash, so this
> > patch as-is would change 'pct enter' behaviour quite dramatically for
> > many users..
> 
> And by 'fix' you mean always use `getent`? Because the "bug" here is in
> glibc/libnss crashing instead of returning an error.

yes. s/fix/work around/ ;)
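
The lookup order discussed in this thread (skip the in-process getpwuid_r() call, ask `getent passwd $uid`, fall back to /bin/sh) can be sketched as below. This is an added example, not part of the original message and not LXC's code; the function names, the use of popen() and the absolute-path check are assumptions of the sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy field 7 (login shell) of one passwd(5) line into out.
 * Returns 0 on success, -1 if the line is malformed or the shell unusable. */
static int shell_from_passwd_line(const char *line, char *out, size_t outlen)
{
    const char *p = line;
    for (int colons = 0; colons < 6; colons++) {
        p = strchr(p, ':');
        if (!p)
            return -1;              /* fewer than 7 fields */
        p++;
    }
    size_t len = strcspn(p, ":\r\n");
    if (len == 0 || len >= outlen || p[0] != '/')
        return -1;                  /* empty, too long, or not absolute */
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Resolve the shell for uid by running getent in a child process, so NSS
 * modules are loaded (and can crash) there, not in the caller. */
static const char *shell_for_uid(uid_t uid, char *buf, size_t buflen)
{
    char cmd[64], line[1024];
    snprintf(cmd, sizeof(cmd), "getent passwd %lu", (unsigned long)uid);
    FILE *fp = popen(cmd, "r");
    if (fp) {
        int ok = fgets(line, sizeof(line), fp) &&
                 shell_from_passwd_line(line, buf, buflen) == 0;
        if (pclose(fp) == 0 && ok)  /* getent must also exit cleanly */
            return buf;
    }
    return "/bin/sh";               /* last-resort fallback */
}

int main(void)
{
    char buf[256];
    printf("%s\n", shell_for_uid(getuid(), buf, sizeof(buf)));
    return 0;
}
```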
