-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not inherit HOME and USER env vars from pebble daemon environment #262
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, thanks!
There's a typo that Cris already pointed out. Should it also remove the "USERNAME" env variable?
@rebornplusplus i am not sure about unsetting the |
I'm not entirely certain this is the behaviour we want. Rather we should only throw away the USER and HOME env vars if we are actually changing users. If the current user != the exec user, throw away HOME, USER. If the HOME or USER is unset, try to get them from passwd, otherwise leave them unset. Then, always apply the requested env on top. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @hpidcock's point, that we only want to throw away HOME
and USER
if current user != exec user ... however, with the way the code is set up, I think it's okay to just delete them here. The reason being because they're set up below based on the specified user:
// Set HOME and USER based on the UserID.
if environment["HOME"] == "" || environment["USER"] == "" {
var userID int
if args.UserID != nil {
userID = *args.UserID
} else {
userID = os.Getuid()
}
u, err := user.LookupId(strconv.Itoa(userID))
if err != nil {
logger.Noticef("Cannot look up user %d: %v", userID, err)
} else {
if environment["HOME"] == "" {
environment["HOME"] = u.HomeDir
}
if environment["USER"] == "" {
environment["USER"] = u.Username
}
}
}
In summary, if we always delete HOME
and USER
here where @shayancanonical has:
- If
HOME
andUSER
are specified in the exec environment, that will always win. - If they're not specified in the exec environment:
- If an exec user is specified, look up
HOME
andUSER
from the specified user's configuration. - If an exec user is not specified, look them up from the current user's configuration.
- If an exec user is specified, look up
One other thing: can we please add a test that exercises this? It will have to be one of the root tests (see here). That is, a test that fails before this code change, and succeeds after.
@@ -70,8 +70,14 @@ func Exec(st *state.State, args *ExecArgs) (*state.Task, ExecMetadata, error) { | |||
return nil, ExecMetadata{}, errors.New("cannot use interactive mode without a terminal") | |||
} | |||
|
|||
// Inherit the pebble daemon environment. | |||
// Inherit the pebble daemon environment (except HOME and USER env vars) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's worth expanding this comment, explaining why it was necessary. Also, if HOME
and USER
aren't present in args.Environment
, they are set up below based on the username and home directory of the provided user ID (or the current user if not specified).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
addressed in 88a02c5
@hpidcock said on Mattermost:
Ah, I see. In a container with no |
@hpidcock With the new changes, we now only just reset the HOME and USER env vars when the specified user for exec is not the current user (https://github.com/canonical/pebble/pull/262/files#diff-73a0b33c7f5299e3f54a1420f50ee1c44e83249410eba36e5ae55685a94a1d13R77) @benhoyt I looked into the the root test that was supposed to fail, but was passing (TestUserGroup) on
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, looks good! Two minor suggestions, but good to go either way.
I've just added my suggestions directly. I'll merge this PR as soon as @hpidcock has given his thumbs-up. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'm happy with this.
Thanks for this @shayancanonical! |
#16066 Mostly includes test fixes and CI changes, but significant user-visible changes are: * Do not inherit HOME and USER env vars from pebble daemon environment (canonical/pebble#262) * servstate: backoff svcs should be stopped on exit (canonical/pebble#266)
Resolves #260 and #263
Issue
As part of https://github.com/canonical/pebble/pull/234/files, pebble inherit's the daemon's environment when compiling the request to send to the pebble daemon. As a result, the
HOME
andUSER
environment variables are also inherited (especially troublesome as theHOME
variable causes permission errors when executingpebble exec --user=ubuntu --group=ubuntu whoami
given that the daemon user is running asroot
Solution
The code already correctly sets the
HOME
andUSER
variables inrequest.go
based on the specified user and user's home directory. Therefore, nullify these env vars when inherited from the daemon's environment.Testing