From 42f07466d2a48d47e7f07944172aef878716a5cb Mon Sep 17 00:00:00 2001 From: David Wilson Date: Tue, 21 Aug 2018 01:16:01 +0100 Subject: [PATCH] setns: always assume a user identity, default to root. Without this, an invocation like: sudo ansible-playbook foo.yml Where foo.yml uses setns, could inherit the HOME environment variable from the external non-root user, which broke /usr/bin/mysql_upgrade and plenty more. --- docs/api.rst | 5 ++++- mitogen/setns.py | 43 +++++++++++++++++++++---------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index b58069fc..67c61dee 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -616,7 +616,7 @@ Router Class Filename or complete path to the ``lxc`` binary. ``PATH`` will be searched if given as a filename. Defaults to ``lxc``. - .. method:: setns (container, kind, docker_path=None, lxc_info_path=None, machinectl_path=None, \**kwargs) + .. method:: setns (container, kind, username=None, docker_path=None, lxc_info_path=None, machinectl_path=None, \**kwargs) Construct a context in the style of :meth:`local`, but change the active Linux process namespaces via calls to `setns(1)` before @@ -633,6 +633,9 @@ Router Class Container to connect to. :param str kind: One of ``docker``, ``lxc``, ``lxd`` or ``machinectl``. + :param str username: + Username within the container to :func:`setuid` to. Defaults to + ``root``. :param str docker_path: Filename or complete path to the Docker binary. ``PATH`` will be searched if given as a filename. Defaults to ``docker``. diff --git a/mitogen/setns.py b/mitogen/setns.py index 224550ce..be87e063 100644 --- a/mitogen/setns.py +++ b/mitogen/setns.py @@ -118,7 +118,7 @@ class Stream(mitogen.parent.Stream): child_is_immediate_subprocess = False container = None - username = None + username = 'root' kind = None python_path = 'python' docker_path = 'docker' 
@@ -184,27 +184,26 @@ class Stream(mitogen.parent.Stream):
         except AttributeError:
             pass
-        if self.username:
-            try:
-                os.setgroups([grent.gr_gid
-                              for grent in grp.getgrall()
-                              if self.username in grent.gr_mem])
-                pwent = pwd.getpwnam(self.username)
-                os.setreuid(pwent.pw_uid, pwent.pw_uid)
-                # shadow-4.4/libmisc/setupenv.c. Not done: MAIL, PATH
-                os.environ.update({
-                    'HOME': pwent.pw_dir,
-                    'SHELL': pwent.pw_shell or '/bin/sh',
-                    'LOGNAME': self.username,
-                    'USER': self.username,
-                })
-                if ((os.path.exists(pwent.pw_dir) and
-                     os.access(pwent.pw_dir, os.X_OK))):
-                    os.chdir(pwent.pw_dir)
-            except Exception:
-                e = sys.exc_info()[1]
-                raise Error(self.username_msg, self.username, self.container,
-                            type(e).__name__, e)
+        try:
+            os.setgroups([grent.gr_gid
+                          for grent in grp.getgrall()
+                          if self.username in grent.gr_mem])
+            pwent = pwd.getpwnam(self.username)
+            os.setreuid(pwent.pw_uid, pwent.pw_uid)
+            # shadow-4.4/libmisc/setupenv.c. Not done: MAIL, PATH
+            os.environ.update({
+                'HOME': pwent.pw_dir,
+                'SHELL': pwent.pw_shell or '/bin/sh',
+                'LOGNAME': self.username,
+                'USER': self.username,
+            })
+            if ((os.path.exists(pwent.pw_dir) and
+                 os.access(pwent.pw_dir, os.X_OK))):
+                os.chdir(pwent.pw_dir)
+        except Exception:
+            e = sys.exc_info()[1]
+            raise Error(self.username_msg, self.username, self.container,
+                        type(e).__name__, e)
     username_msg = 'while transitioning to user %r in container %r: %s: %s'
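Review bot: The identity switch on the new side drops the supplementary groups and the UID but never the primary GID, so a non-root `username` leaves the process running with the caller's effective gid (0 under `sudo`); add `os.setregid(pwent.pw_gid, pwent.pw_gid)` between the `os.setgroups(...)` call and `os.setreuid(...)`, keeping the groups, then gid, then uid order since `setgroups` needs privilege. The `grp.getgrall()` comprehension also omits the user's primary group from the supplementary list, which the `setregid` call covers (or `os.initgroups(self.username, pwent.pw_gid)` where the supported Python versions allow it). With the attribute default now `'root'` this path runs for every setns target, so the `username=None` default documented in `docs/api.rst` is worth reconciling with it; presumably a `None` kwarg is dropped before it reaches the stream, but confirm an explicit `username=None` cannot reach `pwd.getpwnam(None)`. The enclosing method starts before this hunk.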