[pve-devel] [PATCH container] fix #2655: don't forget to setup securetty for centos >= 7
Oguz Bektas
o.bektas at proxmox.com
Mon May 25 14:31:20 CEST 2020
On Mon, May 25, 2020 at 02:24:34PM +0200, Thomas Lamprecht wrote:
> On 5/25/20 2:15 PM, Oguz Bektas wrote:
> > in template_fixup we only call this method for version < 7, but greater
> > versions also need to allow lxc/tty[N] as secure.
> >
> > Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> > ---
> > src/PVE/LXC/Setup/CentOS.pm | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/PVE/LXC/Setup/CentOS.pm b/src/PVE/LXC/Setup/CentOS.pm
> > index 1e6894b..757bc63 100644
> > --- a/src/PVE/LXC/Setup/CentOS.pm
> > +++ b/src/PVE/LXC/Setup/CentOS.pm
> > @@ -109,9 +109,10 @@ sub template_fixup {
> > my $data = $self->ct_file_get_contents($filename);
> > $data =~ s!^(/sbin/start_udev.*)$!#$1!gm;
> > $self->ct_file_set_contents($filename, $data);
> > -
> > # edit /etc/securetty (enable login on console)
> > $self->setup_securetty($conf);
> > + } else {
> > + $self->setup_securetty($conf);
> > }
>
> so a if-else both ending in the same statement.. Why not move it out and
> do that unconditionally after the if?
okay
>
> And it doesn't regresses for other CentOS versions and un/privileged combos?
worked fine after the patch, seems to fix the warnings and the
login problems for privileged containers (centos 7). unprivileged
containers work fine as before.
centos 8 template doesn't have /etc/securetty at all, so root login is
allowed by default.
>
> > }
> >
> >
>
More information about the pve-devel
mailing list