setns: always assume a user identity, default to root.

Without this, an invocation like: sudo ansible-playbook foo.yml Where foo.yml uses setns, could inherit the HOME environment variable from the external non-root user, which broke /usr/bin/mysql_upgrade and plenty more.
6 years ago · 42f07466d2
parent c32b8d9728
commit 42f07466d2
2 changed files with 25 additions and 23 deletions
--- a/docs/api.rst
+++ b/docs/api.rst
@ -616,7 +616,7 @@ Router Class
            Filename or complete path to the ``lxc`` binary. ``PATH`` will be
            searched if given as a filename. Defaults to ``lxc``.

-    .. method:: setns (container, kind, docker_path=None, lxc_info_path=None, machinectl_path=None, \**kwargs)
+    .. method:: setns (container, kind, username=None, docker_path=None, lxc_info_path=None, machinectl_path=None, \**kwargs)

        Construct a context in the style of :meth:`local`, but change the
        active Linux process namespaces via calls to `setns(1)` before
@ -633,6 +633,9 @@ Router Class
            Container to connect to.
        :param str kind:
            One of ``docker``, ``lxc``, ``lxd`` or ``machinectl``.
+        :param str username:
+            Username within the container to :func:`setuid` to. Defaults to
+            ``root``.
        :param str docker_path:
            Filename or complete path to the Docker binary. ``PATH`` will be
            searched if given as a filename. Defaults to ``docker``.
--- a/mitogen/setns.py
+++ b/mitogen/setns.py
@ -118,7 +118,7 @@ class Stream(mitogen.parent.Stream):
    child_is_immediate_subprocess = False

    container = None
-    username = None
+    username = 'root'
    kind = None
    python_path = 'python'
    docker_path = 'docker'
@ -184,27 +184,26 @@ class Stream(mitogen.parent.Stream):
            except AttributeError:
                pass

-        if self.username:
-            try:
-                os.setgroups([grent.gr_gid
-                              for grent in grp.getgrall()
-                              if self.username in grent.gr_mem])
-                pwent = pwd.getpwnam(self.username)
-                os.setreuid(pwent.pw_uid, pwent.pw_uid)
-                # shadow-4.4/libmisc/setupenv.c. Not done: MAIL, PATH
-                os.environ.update({
-                    'HOME': pwent.pw_dir,
-                    'SHELL': pwent.pw_shell or '/bin/sh',
-                    'LOGNAME': self.username,
-                    'USER': self.username,
-                })
-                if ((os.path.exists(pwent.pw_dir) and
-                     os.access(pwent.pw_dir, os.X_OK))):
-                    os.chdir(pwent.pw_dir)
-            except Exception:
-                e = sys.exc_info()[1]
-                raise Error(self.username_msg, self.username, self.container,
-                            type(e).__name__, e)
+        try:
+            os.setgroups([grent.gr_gid
+                          for grent in grp.getgrall()
+                          if self.username in grent.gr_mem])
+            pwent = pwd.getpwnam(self.username)
+            os.setreuid(pwent.pw_uid, pwent.pw_uid)
+            # shadow-4.4/libmisc/setupenv.c. Not done: MAIL, PATH
+            os.environ.update({
+                'HOME': pwent.pw_dir,
+                'SHELL': pwent.pw_shell or '/bin/sh',
+                'LOGNAME': self.username,
+                'USER': self.username,
+            })
+            if ((os.path.exists(pwent.pw_dir) and
+                 os.access(pwent.pw_dir, os.X_OK))):
+                os.chdir(pwent.pw_dir)
+        except Exception:
+            e = sys.exc_info()[1]
+            raise Error(self.username_msg, self.username, self.container,
+                        type(e).__name__, e)

    username_msg = 'while transitioning to user %r in container %r: %s: %s'