[pve-devel] [PATCH container] pct attach: always run /bin/sh
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Jul 29 16:43:11 CEST 2019
On Mon, Jul 29, 2019 at 10:59:09AM +0200, Wolfgang Bumiller wrote:
> By default lxc-attach will try to find the user's shell via
> getpwuid_r(), and if this fails will run `getent passwd
> $uid`.
>
> The first part is problematic in that it may try to
> dynamically load additional libraries at runtime, and,
> glibc/libnss in buster seem to be buggy in a way that causes
> a segfault instead of properly returning an error.
>
> For now, work around this by forcing the execution of
> /bin/sh instead.
After a bit of consideration, I think I'd actually prefer to fix this on
the LXC side (maybe as hotfix by patching out the problematic getpwuid_r
call? the fallback for getent also failing is to use /bin/sh ;))
/bin/sh is dash on Debian, and the root shell is usually bash, so this
patch as-is would change 'pct enter' behaviour quite dramatically for
many users..
>
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> Also make the exec call more explicitly not spawn another shell...
>
> src/PVE/CLI/pct.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm
> index 8807633..5303670 100755
> --- a/src/PVE/CLI/pct.pm
> +++ b/src/PVE/CLI/pct.pm
> @@ -161,7 +161,7 @@ __PACKAGE__->register_method ({
>
> die "Error: container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid);
>
> - exec('lxc-attach', '-n', $vmid);
> + exec {'lxc-attach'} 'lxc-attach', '-n', $vmid, '--', '/bin/sh';
> }});
>
> __PACKAGE__->register_method ({
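Review bot: The added exec line hardcodes '/bin/sh' after the '--' with no comment marking it as a workaround. The commit message says "For now", but nothing in pct.pm records that this exists only to bypass the shell lookup in lxc-attach and should be reverted once that is fixed. A one-line comment above the exec stating this would help. The fixed path also leaves the caller no way to request a different shell, and the call will fail in any container that lacks /bin/sh. Consider taking the shell from an optional parameter that defaults to '/bin/sh'.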
> --
> 2.20.1
>
>