External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 07:59:00 +00:00
Code

virt-login-shell: change way we request a login shell

Browse Source 
Currently we request a login shell by passing the -l argument
to the shell. This is either hardcoded, or required to be
specified by the user in the virt-login-shell.conf file.

The standard way for login programs to request a shell run
as a login shell is to modify the argv passed to execve()
so that argv[0] contains the relative shell filename
prefixed with a zero. eg instead of doing

  const char **shellargs = ["/bin/bash", "-l", NULL];
  execve(shellargs[0], shellargs, env);

We should be doing

  const char **shellargs = ["-bash", NULL];
  execve("/bin/bash", shellargs, env);

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2016-04-12 15:45:48 +01:00
parent da7396605b
commit 8a95d3df48
3 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
tools/virt-login-shell.c
View File

@ -111,7 +111,7 @@ static int virLoginShellGetShellArgv(virConfPtr conf,
p = virConfGetValue(conf, "shell"); p = virConfGetValue(conf, "shell");
if (!p) { if (!p) {
len = 2; /* /bin/sh -l */ len = 1; /* /bin/sh */
} else if (p->type == VIR_CONF_LIST) { } else if (p->type == VIR_CONF_LIST) {
/* Calc length and check items */ /* Calc length and check items */
for (len = 0, pp = p->list; pp; len++, pp = pp->next) { for (len = 0, pp = p->list; pp; len++, pp = pp->next) {
@ -136,8 +136,6 @@ static int virLoginShellGetShellArgv(virConfPtr conf,
if (!p) { if (!p) {
if (VIR_STRDUP(shargv[i++], "/bin/sh") < 0) if (VIR_STRDUP(shargv[i++], "/bin/sh") < 0)
goto error; goto error;
if (VIR_STRDUP(shargv[i++], "-l") < 0)
goto error;
} else if (p->type == VIR_CONF_LIST) { } else if (p->type == VIR_CONF_LIST) {
for (pp = p->list; pp; pp = pp->next) { for (pp = p->list; pp; pp = pp->next) {
if (VIR_STRDUP(shargv[i++], pp->str) < 0) if (VIR_STRDUP(shargv[i++], pp->str) < 0)
@ -201,6 +199,7 @@ main(int argc, char **argv)
char *name = NULL; char *name = NULL;
char **shargv = NULL; char **shargv = NULL;
size_t shargvlen = 0; size_t shargvlen = 0;
char *shcmd = NULL;
virSecurityModelPtr secmodel = NULL; virSecurityModelPtr secmodel = NULL;
virSecurityLabelPtr seclabel = NULL; virSecurityLabelPtr seclabel = NULL;
virDomainPtr dom = NULL; virDomainPtr dom = NULL;
@ -215,6 +214,7 @@ main(int argc, char **argv)
int openmax; int openmax;
size_t i; size_t i;
const char *cmdstr = NULL; const char *cmdstr = NULL;
char *tmp;
struct option opt[] = { struct option opt[] = {
{"help", no_argument, NULL, 'h'}, {"help", no_argument, NULL, 'h'},
@ -347,6 +347,22 @@ main(int argc, char **argv)
shargv[shargvlen] = NULL; shargv[shargvlen] = NULL;
} }
/* We need to modify the first elementin shargv
* so that it has the relative filename and has
* a leading '-' to indicate it is a login shell
*/
shcmd = shargv[0];
if (shcmd[0] != '/') {
virReportSystemError(errno,
_("Shell '%s' should have absolute path"),
shcmd);
goto cleanup;
}
tmp = strrchr(shcmd, '/');
if (VIR_STRDUP(shargv[0], tmp) < 0)
goto cleanup;
shargv[0][0] = '-';
/* A fork is required to create new process in correct pid namespace. */ /* A fork is required to create new process in correct pid namespace. */
if ((cpid = virFork()) < 0) if ((cpid = virFork()) < 0)
goto cleanup; goto cleanup;
@ -358,9 +374,9 @@ main(int argc, char **argv)
tmpfd = i; tmpfd = i;
VIR_MASS_CLOSE(tmpfd); VIR_MASS_CLOSE(tmpfd);
} }
if (execv(shargv[0], (char *const*) shargv) < 0) { if (execv(shcmd, (char *const*) shargv) < 0) {
virReportSystemError(errno, _("Unable to exec shell %s"), virReportSystemError(errno, _("Unable to exec shell %s"),
shargv[0]); shcmd);
virDispatchError(NULL); virDispatchError(NULL);
return errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE; return errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE;
} }
@ -379,6 +395,7 @@ main(int argc, char **argv)
if (conn) if (conn)
virConnectClose(conn); virConnectClose(conn);
virStringFreeList(shargv); virStringFreeList(shargv);
VIR_FREE(shcmd);
VIR_FREE(name); VIR_FREE(name);
VIR_FREE(homedir); VIR_FREE(homedir);
VIR_FREE(seclabel); VIR_FREE(seclabel);

6
tools/virt-login-shell.conf
View File

@ -8,7 +8,11 @@
# container. Shell commands must be a list of commands/options separated by # container. Shell commands must be a list of commands/options separated by
# comma and delimited by square brackets. Defaults to: /bin/sh -l. # comma and delimited by square brackets. Defaults to: /bin/sh -l.
# Modify and uncomment the following to modify the login shell. # Modify and uncomment the following to modify the login shell.
# shell = [ "/bin/sh", "-l" ] #
# shell = [ "/bin/bash" ]
#
# Note there is no need to pass a '--login' / '-l' argument since
# virt-login-shell will always request a login shell
# allowed_users specifies the user names of all users that are allowed to # allowed_users specifies the user names of all users that are allowed to
# execute virt-login-shell. You can specify the users as a comma # execute virt-login-shell. You can specify the users as a comma

2
tools/virt-login-shell.pod
View File

@ -44,7 +44,7 @@ By default, virt-login-shell will execute the /bin/sh program for the user.
You can modify this behaviour by defining the shell variable in You can modify this behaviour by defining the shell variable in
/etc/libvirt/virt-login-shell.conf. /etc/libvirt/virt-login-shell.conf.
eg. shell = [ "/bin/ksh", "--login"] eg. shell = [ "/bin/bash" ]
By default no users are allowed to use virt-login-shell, if you want to allow By default no users are allowed to use virt-login-shell, if you want to allow
certain users to use virt-login-shell, you need to modify the allowed_users certain users to use virt-login-shell, you need to modify the allowed_users