From 8a25e88454089fc1fa6850536b37978a8be1c994 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 13 Aug 2019 14:01:27 +0200 Subject: [PATCH] fix issues with shell detection on attach Merge: attach: always use getent Commit message: In debian buster, some libnss plugins (if installed) can cause getpwent to segfault instead of erroring out cleanly. To avoid this, stick to always using getent. Signed-off-by: Wolfgang Bumiller --- ...ervice-start-after-a-potential-syslo.patch | 4 +- ...lxcnetaddbr-when-instantiating-veths.patch | 4 +- ...fig-deny-rw-mounting-of-sys-and-proc.patch | 6 +- ...the-limiting-from-the-namespaced-cgr.patch | 26 +++---- ...tutils-make-cgroupns-separation-leve.patch | 8 +- ...0006-PVE-Config-namespace-separation.patch | 6 +- ...ty-to-run-lxc-monitord-as-a-regular-.patch | 20 ++--- ...VE-Config-Disable-lxc.monitor-cgroup.patch | 4 +- ...-PVE-Config-attach-always-use-getent.patch | 78 +++++++++++++++++++ debian/patches/series | 1 + 10 files changed, 118 insertions(+), 39 deletions(-) create mode 100644 debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch diff --git a/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch b/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch index 634abee..967d9b0 100644 --- a/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch +++ b/debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch @@ -10,7 +10,7 @@ Signed-off-by: Wolfgang Bumiller 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in -index cd619967..77541917 100644 +index cd6199671..77541917e 100644 --- a/config/init/systemd/lxc.service.in +++ b/config/init/systemd/lxc.service.in @@ -1,6 +1,6 @@ @@ -22,5 +22,5 @@ index cd619967..77541917 100644 Documentation=man:lxc-autostart man:lxc -- -2.11.0 +2.20.1 
diff --git a/debian/patches/pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch b/debian/patches/pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch index 2bf6663..070c5e4 100644 --- a/debian/patches/pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch +++ b/debian/patches/pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch @@ -11,7 +11,7 @@ Signed-off-by: Wolfgang Bumiller 1 file changed, 5 insertions(+) diff --git a/src/lxc/network.c b/src/lxc/network.c -index d0f14e63..9337ad4d 100644 +index d0f14e632..9337ad4d9 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -195,6 +195,11 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd @@ -27,5 +27,5 @@ index d0f14e63..9337ad4d 100644 DEBUG("Instantiated veth \"%s/%s\", index is \"%d\"", veth1, veth2, -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch b/debian/patches/pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch index 7f13f8c..74835c3 100644 --- a/debian/patches/pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch +++ b/debian/patches/pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch @@ -14,7 +14,7 @@ if a rw /sys is desired, set "lxc.mount.auto" accordingly 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base -index 07747655..fbd70fdf 100644 +index 077476559..fbd70fdf5 100644 --- a/config/apparmor/abstractions/container-base +++ b/config/apparmor/abstractions/container-base @@ -82,7 +82,6 @@ @@ -38,7 +38,7 @@ index 07747655..fbd70fdf 100644 # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. # mount options=(rw,make-slave) -> **, 
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in -index 1a3ead89..39abf348 100644 +index 1a3ead89a..39abf348c 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -82,7 +82,6 @@ @@ -62,5 +62,5 @@ index 1a3ead89..39abf348 100644 # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts. # mount options=(rw,make-slave) -> **, -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch b/debian/patches/pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch index 792f717..e5670cf 100644 --- a/debian/patches/pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch +++ b/debian/patches/pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch @@ -15,16 +15,16 @@ being used in order to combat this. Signed-off-by: Wolfgang Bumiller --- - src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++++++++--------- - src/lxc/cgroups/cgroup.h | 18 +++++++--- - src/lxc/commands.c | 87 +++++++++++++++++++++++++++++++++----------- - src/lxc/commands.h | 2 ++ - src/lxc/criu.c | 4 +-- - src/lxc/start.c | 28 +++++++++++---- + src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++------- + src/lxc/cgroups/cgroup.h | 18 ++++++-- + src/lxc/commands.c | 87 ++++++++++++++++++++++++++++--------- + src/lxc/commands.h | 2 + + src/lxc/criu.c | 4 +- + src/lxc/start.c | 28 +++++++++--- 6 files changed, 183 insertions(+), 50 deletions(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c -index ab99b47c..ac8f469b 100644 +index ab99b47c5..ac8f469bb 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -818,6 +818,7 @@ static struct hierarchy *add_hierarchy(struct hierarchy ***h, char **clist, char @@ -282,7 +282,7 @@ index ab99b47c..ac8f469b 100644 if (!path) continue; 
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h -index d4dcd506..59445b5a 100644 +index d4dcd506b..59445b5a5 100644 --- a/src/lxc/cgroups/cgroup.h +++ b/src/lxc/cgroups/cgroup.h @@ -32,6 +32,12 @@ @@ -339,7 +339,7 @@ index d4dcd506..59445b5a 100644 const char *lxcpath, pid_t pid); bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler, diff --git a/src/lxc/commands.c b/src/lxc/commands.c -index 133384d7..b41a7600 100644 +index 133384d72..b41a76000 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -427,20 +427,8 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req, @@ -465,7 +465,7 @@ index 133384d7..b41a7600 100644 if (cgroup_ops->unfreeze(cgroup_ops)) diff --git a/src/lxc/commands.h b/src/lxc/commands.h -index 2c024b65..7c4c00b1 100644 +index 2c024b65d..7c4c00b1e 100644 --- a/src/lxc/commands.h +++ b/src/lxc/commands.h @@ -88,6 +88,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd, @@ -478,7 +478,7 @@ index 2c024b65..7c4c00b1 100644 extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath); extern char *lxc_cmd_get_name(const char *hashed_sock); diff --git a/src/lxc/criu.c b/src/lxc/criu.c -index 3d857b54..ec9bcb7e 100644 +index 3d857b541..ec9bcb7e4 100644 --- a/src/lxc/criu.c +++ b/src/lxc/criu.c @@ -332,7 +332,7 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf, @@ -500,7 +500,7 @@ index 3d857b54..ec9bcb7e 100644 goto out_fini_handler; } diff --git a/src/lxc/start.c b/src/lxc/start.c -index dae3bcfe..f3b29d6c 100644 +index dae3bcfe5..f3b29d6cd 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1649,7 +1649,7 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -561,5 +561,5 @@ index dae3bcfe..f3b29d6c 100644 /* Now we're ready to preserve the cgroup namespace */ ret = lxc_try_preserve_ns(handler->pid, "cgroup"); -- -2.11.0 +2.20.1 
diff --git a/debian/patches/pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch b/debian/patches/pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch index 23497c5..1bae3be 100644 --- a/debian/patches/pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch +++ b/debian/patches/pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch @@ -17,7 +17,7 @@ Signed-off-by: Wolfgang Bumiller 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c -index 11c80866..8b5e2542 100644 +index 11c808662..8b5e2542a 100644 --- a/src/lxc/initutils.c +++ b/src/lxc/initutils.c @@ -63,14 +63,15 @@ static char *copy_global_config_value(char *p) @@ -45,7 +45,7 @@ index 11c80866..8b5e2542 100644 }; diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h -index 6bf23a70..b542e601 100644 +index 6bf23a706..b542e6015 100644 --- a/src/lxc/initutils.h +++ b/src/lxc/initutils.h @@ -42,6 +42,7 @@ @@ -57,7 +57,7 @@ index 6bf23a70..b542e601 100644 #ifndef PR_SET_MM #define PR_SET_MM 35 diff --git a/src/lxc/start.c b/src/lxc/start.c -index f3b29d6c..1cf792aa 100644 +index f3b29d6cd..1cf792aa2 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1820,17 +1820,20 @@ static int lxc_spawn(struct lxc_handler *handler) @@ -93,5 +93,5 @@ index f3b29d6c..1cf792aa 100644 } -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0006-PVE-Config-namespace-separation.patch b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch index fa6da72..396be8d 100644 --- a/debian/patches/pve/0006-PVE-Config-namespace-separation.patch +++ b/debian/patches/pve/0006-PVE-Config-namespace-separation.patch @@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h -index 59445b5a..7d6135c1 100644 +index 59445b5a5..7d6135c19 100644 --- a/src/lxc/cgroups/cgroup.h +++ b/src/lxc/cgroups/cgroup.h @@ -36,7 +36,7 @@ 
@@ -26,7 +26,7 @@ index 59445b5a..7d6135c1 100644 struct lxc_handler; struct lxc_conf; diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h -index b542e601..78d3f2b1 100644 +index b542e6015..78d3f2b10 100644 --- a/src/lxc/initutils.h +++ b/src/lxc/initutils.h @@ -42,7 +42,7 @@ @@ -39,5 +39,5 @@ index b542e601..78d3f2b1 100644 #ifndef PR_SET_MM #define PR_SET_MM 35 -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch b/debian/patches/pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch index 5f1bdb6..5c70fe1 100644 --- a/debian/patches/pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch +++ b/debian/patches/pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch @@ -11,16 +11,16 @@ can be avoided by leaving it running permanently. Signed-off-by: Wolfgang Bumiller --- .gitignore | 1 + - config/init/systemd/Makefile.am | 10 +++-- - config/init/systemd/lxc-monitord.service.in | 12 ++++++ + config/init/systemd/Makefile.am | 10 ++-- + config/init/systemd/lxc-monitord.service.in | 12 +++++ configure.ac | 1 + lxc.spec.in | 1 + - src/lxc/cmd/lxc_monitord.c | 60 +++++++++++++++++++++-------- + src/lxc/cmd/lxc_monitord.c | 60 +++++++++++++++------ 6 files changed, 64 insertions(+), 21 deletions(-) create mode 100644 config/init/systemd/lxc-monitord.service.in diff --git a/.gitignore b/.gitignore -index 45377714..69e6e7ff 100644 +index 45377714c..69e6e7ffe 100644 --- a/.gitignore +++ b/.gitignore @@ -116,6 +116,7 @@ config/bash/lxc @@ -32,7 +32,7 @@ index 45377714..69e6e7ff 100644 config/init/systemd/lxc.service config/init/systemd/lxc@.service diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am -index c448850d..4a4fde5e 100644 +index c448850d1..4a4fde5e7 100644 --- a/config/init/systemd/Makefile.am +++ b/config/init/systemd/Makefile.am @@ -2,19 +2,21 @@ EXTRA_DIST = \ 
@@ -63,7 +63,7 @@ index c448850d..4a4fde5e 100644 pkglibexec_SCRIPTS = lxc-apparmor-load diff --git a/config/init/systemd/lxc-monitord.service.in b/config/init/systemd/lxc-monitord.service.in new file mode 100644 -index 00000000..40635168 +index 000000000..406351688 --- /dev/null +++ b/config/init/systemd/lxc-monitord.service.in @@ -0,0 +1,12 @@ @@ -80,7 +80,7 @@ index 00000000..40635168 +[Install] +WantedBy=multi-user.target diff --git a/configure.ac b/configure.ac -index 9a6ba83c..9f3b8fb3 100644 +index 9a6ba83c2..9f3b8fb3c 100644 --- a/configure.ac +++ b/configure.ac @@ -747,6 +747,7 @@ AC_CONFIG_FILES([ @@ -92,7 +92,7 @@ index 9a6ba83c..9f3b8fb3 100644 config/init/sysvinit/lxc-containers config/init/sysvinit/lxc-net diff --git a/lxc.spec.in b/lxc.spec.in -index 7fcd811f..59597f46 100644 +index 7fcd811ff..59597f469 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -247,6 +247,7 @@ fi @@ -104,7 +104,7 @@ index 7fcd811f..59597f46 100644 %{_sysconfdir}/rc.d/init.d/lxc %{_sysconfdir}/rc.d/init.d/lxc-net diff --git a/src/lxc/cmd/lxc_monitord.c b/src/lxc/cmd/lxc_monitord.c -index 3b931b36..d3cc3597 100644 +index 3b931b361..d3cc35978 100644 --- a/src/lxc/cmd/lxc_monitord.c +++ b/src/lxc/cmd/lxc_monitord.c @@ -359,17 +359,44 @@ static void lxc_monitord_sig_handler(int sig) @@ -203,5 +203,5 @@ index 3b931b36..d3cc3597 100644 ERROR("mainloop returned an error"); break; -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch b/debian/patches/pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch index d6e0bdb..263c16e 100644 --- a/debian/patches/pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch +++ b/debian/patches/pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch @@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c -index 1cf792aa..24f387de 100644 +index 1cf792aa2..24f387de6 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c 
@@ -1954,15 +1954,15 @@ int __lxc_start(const char *name, struct lxc_handler *handler, @@ -42,5 +42,5 @@ index 1cf792aa..24f387de 100644 if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) { /* If the backing store is a device, mount it here and now. */ -- -2.11.0 +2.20.1 diff --git a/debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch b/debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch new file mode 100644 index 0000000..a96d4c4 --- /dev/null +++ b/debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch 
@@ -0,0 +1,78 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Wolfgang Bumiller +Date: Tue, 13 Aug 2019 13:57:22 +0200 +Subject: [PATCH] PVE: [Config] attach: always use getent + +In debian buster, some libnss plugins (if installed) can +cause getpwent to segfault instead of erroring out cleanly. +To avoid this, stick to always using getent. + +Signed-off-by: Wolfgang Bumiller +--- + src/lxc/attach.c | 29 ++--------------------------- + 1 file changed, 2 insertions(+), 27 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index 117e3778f..8b34a412e 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -1548,11 +1548,7 @@ int lxc_attach_run_command(void *payload) + int lxc_attach_run_shell(void* payload) + { + uid_t uid; +- struct passwd pwent; +- struct passwd *pwentp = NULL; + char *user_shell; +- char *buf; +- size_t bufsize; + int ret; + + /* Ignore payload parameter. */ +@@ -1560,32 +1556,13 @@ int lxc_attach_run_shell(void* payload) + + uid = getuid(); + +- bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); +- if (bufsize == -1) +- bufsize = 1024; +- +- buf = malloc(bufsize); +- if (buf) { +- ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp); +- if (!pwentp) { +- if (ret == 0) +- WARN("Could not find matched password record"); +- +- WARN("Failed to get password record - %u", uid); +- } +- } +- + /* This probably happens because of incompatible nss implementations in + * host and container (remember, this code is still using the host's + * glibc but our mount namespace is in the container) we may try to get + * the information by spawning a [getent passwd uid] process and parsing + * the result. 
+ */ +- if (!pwentp) +- user_shell = lxc_attach_getpwshell(uid); +- else +- user_shell = pwent.pw_shell; +- ++ user_shell = lxc_attach_getpwshell(uid); + if (user_shell) + execlp(user_shell, user_shell, (char *)NULL); + +@@ -1595,9 +1572,7 @@ int lxc_attach_run_shell(void* payload) + execlp("/bin/sh", "/bin/sh", (char *)NULL); + + SYSERROR("Failed to execute shell"); +- if (!pwentp) +- free(user_shell); ++ free(user_shell); + +- free(buf); + return -1; + } +-- +2.20.1 + diff --git a/debian/patches/series b/debian/patches/series index d25371a..622174c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,6 +7,7 @@ pve/0006-PVE-Config-namespace-separation.patch pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch +pve/0010-PVE-Config-attach-always-use-getent.patch extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch extra/0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch -- 2.39.2
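Review bot: The comment kept as context directly above the new `user_shell = lxc_attach_getpwshell(uid);` still reads "This probably happens because of incompatible nss implementations ... we may try to get the information by spawning a [getent passwd uid] process", which described the removed `if (!pwentp)` fallback and now has no referent, so it misdocuments the new unconditional path. I'd replace it with the actual rule, e.g. `/* Always resolve the shell via [getent passwd uid]: this code runs with the host's glibc but inside the container's mount namespace, and the in-process getpwuid_r() lookup has been seen to segfault there with some NSS plugins (Debian buster). */`. Relatedly, `int ret;` in the first hunk appears to have lost its only use with the removed `ret = getpwuid_r(...)` assignment; unless the lines between the hunks (not shown here) use it, drop the declaration to avoid an unused-variable warning. It is also worth a one-line note at the `execlp(user_shell, ...)` call that the value now always comes from a `getent` run in the container and is passed to a PATH-searching exec — that was already true of the old `pw_shell` value inside the container's mount namespace, but the new code makes it the only source, so the trust boundary should be stated. The unconditional `free(user_shell)` is correct since the pointer is now always heap-allocated or NULL.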