fix issues with shell detection on attach

Merge: attach: always use getent

Commit message:
In debian buster, some libnss plugins (if installed) can
cause getpwent to segfault instead of erroring out cleanly.
To avoid this, stick to always using getent.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

debian/patches/pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch

@@ -10,7 +10,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
-index cd619967..77541917 100644
+index cd6199671..77541917e 100644
 --- a/config/init/systemd/lxc.service.in
 +++ b/config/init/systemd/lxc.service.in
 @@ -1,6 +1,6 @@
@@ -22,5 +22,5 @@ index cd619967..77541917 100644
  Documentation=man:lxc-autostart man:lxc
  
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0002-PVE-Down-run-lxcnetaddbr-when-instantiating-veths.patch

@@ -11,7 +11,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 5 insertions(+)
 
 diff --git a/src/lxc/network.c b/src/lxc/network.c
-index d0f14e63..9337ad4d 100644
+index d0f14e632..9337ad4d9 100644
 --- a/src/lxc/network.c
 +++ b/src/lxc/network.c
 @@ -195,6 +195,11 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
@@ -27,5 +27,5 @@ index d0f14e63..9337ad4d 100644
  
  	DEBUG("Instantiated veth \"%s/%s\", index is \"%d\"", veth1, veth2,
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0003-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch

@@ -14,7 +14,7 @@ if a rw /sys is desired, set "lxc.mount.auto" accordingly
  2 files changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
-index 07747655..fbd70fdf 100644
+index 077476559..fbd70fdf5 100644
 --- a/config/apparmor/abstractions/container-base
 +++ b/config/apparmor/abstractions/container-base
 @@ -82,7 +82,6 @@
@@ -38,7 +38,7 @@ index 07747655..fbd70fdf 100644
    # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
  #  mount options=(rw,make-slave) -> **,
 diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
-index 1a3ead89..39abf348 100644
+index 1a3ead89a..39abf348c 100644
 --- a/config/apparmor/abstractions/container-base.in
 +++ b/config/apparmor/abstractions/container-base.in
 @@ -82,7 +82,6 @@
@@ -62,5 +62,5 @@ index 1a3ead89..39abf348 100644
    # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
  #  mount options=(rw,make-slave) -> **,
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0004-PVE-Up-separate-the-limiting-from-the-namespaced-cgr.patch

@@ -15,16 +15,16 @@ being used in order to combat this.
 
 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 ---
- src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++++++++---------
- src/lxc/cgroups/cgroup.h | 18 +++++++---
- src/lxc/commands.c       | 87 +++++++++++++++++++++++++++++++++-----------
- src/lxc/commands.h       |  2 ++
- src/lxc/criu.c           |  4 +--
- src/lxc/start.c          | 28 +++++++++++----
+ src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++-------
+ src/lxc/cgroups/cgroup.h | 18 ++++++--
+ src/lxc/commands.c       | 87 ++++++++++++++++++++++++++++---------
+ src/lxc/commands.h       |  2 +
+ src/lxc/criu.c           |  4 +-
+ src/lxc/start.c          | 28 +++++++++---
  6 files changed, 183 insertions(+), 50 deletions(-)
 
 diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
-index ab99b47c..ac8f469b 100644
+index ab99b47c5..ac8f469bb 100644
 --- a/src/lxc/cgroups/cgfsng.c
 +++ b/src/lxc/cgroups/cgfsng.c
 @@ -818,6 +818,7 @@ static struct hierarchy *add_hierarchy(struct hierarchy ***h, char **clist, char
@@ -282,7 +282,7 @@ index ab99b47c..ac8f469b 100644
  		if (!path)
  			continue;
 diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index d4dcd506..59445b5a 100644
+index d4dcd506b..59445b5a5 100644
 --- a/src/lxc/cgroups/cgroup.h
 +++ b/src/lxc/cgroups/cgroup.h
 @@ -32,6 +32,12 @@
@@ -339,7 +339,7 @@ index d4dcd506..59445b5a 100644
  		       const char *lxcpath, pid_t pid);
  	bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler,
 diff --git a/src/lxc/commands.c b/src/lxc/commands.c
-index 133384d7..b41a7600 100644
+index 133384d72..b41a76000 100644
 --- a/src/lxc/commands.c
 +++ b/src/lxc/commands.c
 @@ -427,20 +427,8 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
@@ -465,7 +465,7 @@ index 133384d7..b41a7600 100644
  
  		if (cgroup_ops->unfreeze(cgroup_ops))
 diff --git a/src/lxc/commands.h b/src/lxc/commands.h
-index 2c024b65..7c4c00b1 100644
+index 2c024b65d..7c4c00b1e 100644
 --- a/src/lxc/commands.h
 +++ b/src/lxc/commands.h
 @@ -88,6 +88,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
@@ -478,7 +478,7 @@ index 2c024b65..7c4c00b1 100644
  extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath);
  extern char *lxc_cmd_get_name(const char *hashed_sock);
 diff --git a/src/lxc/criu.c b/src/lxc/criu.c
-index 3d857b54..ec9bcb7e 100644
+index 3d857b541..ec9bcb7e4 100644
 --- a/src/lxc/criu.c
 +++ b/src/lxc/criu.c
 @@ -332,7 +332,7 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
@@ -500,7 +500,7 @@ index 3d857b54..ec9bcb7e 100644
  		goto out_fini_handler;
  	}
 diff --git a/src/lxc/start.c b/src/lxc/start.c
-index dae3bcfe..f3b29d6c 100644
+index dae3bcfe5..f3b29d6cd 100644
 --- a/src/lxc/start.c
 +++ b/src/lxc/start.c
 @@ -1649,7 +1649,7 @@ static int lxc_spawn(struct lxc_handler *handler)
@@ -561,5 +561,5 @@ index dae3bcfe..f3b29d6c 100644
  		/* Now we're ready to preserve the cgroup namespace */
  		ret = lxc_try_preserve_ns(handler->pid, "cgroup");
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0005-PVE-Up-start-initutils-make-cgroupns-separation-leve.patch

@@ -17,7 +17,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  3 files changed, 24 insertions(+), 19 deletions(-)
 
 diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 11c80866..8b5e2542 100644
+index 11c808662..8b5e2542a 100644
 --- a/src/lxc/initutils.c
 +++ b/src/lxc/initutils.c
 @@ -63,14 +63,15 @@ static char *copy_global_config_value(char *p)
@@ -45,7 +45,7 @@ index 11c80866..8b5e2542 100644
  	};
  
 diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
-index 6bf23a70..b542e601 100644
+index 6bf23a706..b542e6015 100644
 --- a/src/lxc/initutils.h
 +++ b/src/lxc/initutils.h
 @@ -42,6 +42,7 @@
@@ -57,7 +57,7 @@ index 6bf23a70..b542e601 100644
  #ifndef PR_SET_MM
  #define PR_SET_MM 35
 diff --git a/src/lxc/start.c b/src/lxc/start.c
-index f3b29d6c..1cf792aa 100644
+index f3b29d6cd..1cf792aa2 100644
 --- a/src/lxc/start.c
 +++ b/src/lxc/start.c
 @@ -1820,17 +1820,20 @@ static int lxc_spawn(struct lxc_handler *handler)
@@ -93,5 +93,5 @@ index f3b29d6c..1cf792aa 100644
  	}
  
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0006-PVE-Config-namespace-separation.patch

@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index 59445b5a..7d6135c1 100644
+index 59445b5a5..7d6135c19 100644
 --- a/src/lxc/cgroups/cgroup.h
 +++ b/src/lxc/cgroups/cgroup.h
 @@ -36,7 +36,7 @@
@@ -26,7 +26,7 @@ index 59445b5a..7d6135c1 100644
  struct lxc_handler;
  struct lxc_conf;
 diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
-index b542e601..78d3f2b1 100644
+index b542e6015..78d3f2b10 100644
 --- a/src/lxc/initutils.h
 +++ b/src/lxc/initutils.h
 @@ -42,7 +42,7 @@
@@ -39,5 +39,5 @@ index b542e601..78d3f2b1 100644
  #ifndef PR_SET_MM
  #define PR_SET_MM 35
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch

@@ -11,16 +11,16 @@ can be avoided by leaving it running permanently.
 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 ---
  .gitignore                                  |  1 +
- config/init/systemd/Makefile.am             | 10 +++--
- config/init/systemd/lxc-monitord.service.in | 12 ++++++
+ config/init/systemd/Makefile.am             | 10 ++--
+ config/init/systemd/lxc-monitord.service.in | 12 +++++
  configure.ac                                |  1 +
  lxc.spec.in                                 |  1 +
- src/lxc/cmd/lxc_monitord.c                  | 60 +++++++++++++++++++++--------
+ src/lxc/cmd/lxc_monitord.c                  | 60 +++++++++++++++------
  6 files changed, 64 insertions(+), 21 deletions(-)
  create mode 100644 config/init/systemd/lxc-monitord.service.in
 
 diff --git a/.gitignore b/.gitignore
-index 45377714..69e6e7ff 100644
+index 45377714c..69e6e7ffe 100644
 --- a/.gitignore
 +++ b/.gitignore
 @@ -116,6 +116,7 @@ config/bash/lxc
@@ -32,7 +32,7 @@ index 45377714..69e6e7ff 100644
  config/init/systemd/lxc.service
  config/init/systemd/lxc@.service
 diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
-index c448850d..4a4fde5e 100644
+index c448850d1..4a4fde5e7 100644
 --- a/config/init/systemd/Makefile.am
 +++ b/config/init/systemd/Makefile.am
 @@ -2,19 +2,21 @@ EXTRA_DIST = \
@@ -63,7 +63,7 @@ index c448850d..4a4fde5e 100644
  pkglibexec_SCRIPTS = lxc-apparmor-load
 diff --git a/config/init/systemd/lxc-monitord.service.in b/config/init/systemd/lxc-monitord.service.in
 new file mode 100644
-index 00000000..40635168
+index 000000000..406351688
 --- /dev/null
 +++ b/config/init/systemd/lxc-monitord.service.in
 @@ -0,0 +1,12 @@
@@ -80,7 +80,7 @@ index 00000000..40635168
 +[Install]
 +WantedBy=multi-user.target
 diff --git a/configure.ac b/configure.ac
-index 9a6ba83c..9f3b8fb3 100644
+index 9a6ba83c2..9f3b8fb3c 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -747,6 +747,7 @@ AC_CONFIG_FILES([
@@ -92,7 +92,7 @@ index 9a6ba83c..9f3b8fb3 100644
  	config/init/sysvinit/lxc-containers
  	config/init/sysvinit/lxc-net
 diff --git a/lxc.spec.in b/lxc.spec.in
-index 7fcd811f..59597f46 100644
+index 7fcd811ff..59597f469 100644
 --- a/lxc.spec.in
 +++ b/lxc.spec.in
 @@ -247,6 +247,7 @@ fi
@@ -104,7 +104,7 @@ index 7fcd811f..59597f46 100644
  %{_sysconfdir}/rc.d/init.d/lxc
  %{_sysconfdir}/rc.d/init.d/lxc-net
 diff --git a/src/lxc/cmd/lxc_monitord.c b/src/lxc/cmd/lxc_monitord.c
-index 3b931b36..d3cc3597 100644
+index 3b931b361..d3cc35978 100644
 --- a/src/lxc/cmd/lxc_monitord.c
 +++ b/src/lxc/cmd/lxc_monitord.c
 @@ -359,17 +359,44 @@ static void lxc_monitord_sig_handler(int sig)
@@ -203,5 +203,5 @@ index 3b931b36..d3cc3597 100644
  			ERROR("mainloop returned an error");
  			break;
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch

@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/src/lxc/start.c b/src/lxc/start.c
-index 1cf792aa..24f387de 100644
+index 1cf792aa2..24f387de6 100644
 --- a/src/lxc/start.c
 +++ b/src/lxc/start.c
 @@ -1954,15 +1954,15 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
@@ -42,5 +42,5 @@ index 1cf792aa..24f387de 100644
  	if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) {
  		/* If the backing store is a device, mount it here and now. */
 -- 
-2.11.0
+2.20.1
 

debian/patches/pve/0010-PVE-Config-attach-always-use-getent.patch

@@ -0,0 +1,78 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Tue, 13 Aug 2019 13:57:22 +0200
+Subject: [PATCH] PVE: [Config] attach: always use getent
+
+In debian buster, some libnss plugins (if installed) can
+cause getpwent to segfault instead of erroring out cleanly.
+To avoid this, stick to always using getent.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ src/lxc/attach.c | 29 ++---------------------------
+ 1 file changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 117e3778f..8b34a412e 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -1548,11 +1548,7 @@ int lxc_attach_run_command(void *payload)
+ int lxc_attach_run_shell(void* payload)
+ {
+ 	uid_t uid;
+-	struct passwd pwent;
+-	struct passwd *pwentp = NULL;
+ 	char *user_shell;
+-	char *buf;
+-	size_t bufsize;
+ 	int ret;
+ 
+ 	/* Ignore payload parameter. */
+@@ -1560,32 +1556,13 @@ int lxc_attach_run_shell(void* payload)
+ 
+ 	uid = getuid();
+ 
+-	bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+-	if (bufsize == -1)
+-		bufsize = 1024;
+-
+-	buf = malloc(bufsize);
+-	if (buf) {
+-		ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
+-		if (!pwentp) {
+-			if (ret == 0)
+-				WARN("Could not find matched password record");
+-
+-			WARN("Failed to get password record - %u", uid);
+-		}
+-	}
+-
+ 	/* This probably happens because of incompatible nss implementations in
+ 	 * host and container (remember, this code is still using the host's
+ 	 * glibc but our mount namespace is in the container) we may try to get
+ 	 * the information by spawning a [getent passwd uid] process and parsing
+ 	 * the result.
+ 	 */
+-	if (!pwentp)
+-		user_shell = lxc_attach_getpwshell(uid);
+-	else
+-		user_shell = pwent.pw_shell;
+-
++	user_shell = lxc_attach_getpwshell(uid);
+ 	if (user_shell)
+ 		execlp(user_shell, user_shell, (char *)NULL);
+ 
+@@ -1595,9 +1572,7 @@ int lxc_attach_run_shell(void* payload)
+ 	execlp("/bin/sh", "/bin/sh", (char *)NULL);
+ 
+ 	SYSERROR("Failed to execute shell");
+-	if (!pwentp)
+-		free(user_shell);
++	free(user_shell);
+ 
+-	free(buf);
+ 	return -1;
+ }
+-- 
+2.20.1
+

debian/patches/series

@@ -7,6 +7,7 @@ pve/0006-PVE-Config-namespace-separation.patch
 pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
 pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch
 pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
+pve/0010-PVE-Config-attach-always-use-getent.patch
 extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
 extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
 extra/0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch