* [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone
@ 2021-10-07 10:48 Fabian Ebner
2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
2021-10-07 12:33 ` [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone Thomas Lamprecht
0 siblings, 2 replies; 4+ messages in thread
From: Fabian Ebner @ 2021-10-07 10:48 UTC (permalink / raw)
To: pve-devel
To avoid an error with 'pct create ... --timezone host'.

Reported in the community forum:
https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
src/PVE/LXC/Setup.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 4e211ef..7c377ab 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -114,7 +114,9 @@ sub new {
# Cache some host files we need access to:
$plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
- $plugin->{host_localtime} = abs_path('/etc/localtime');
+
+ abs_path('/etc/localtime') =~ m|^(/.+)| or die "invalid /etc/localtime\n"; # untaint
+ $plugin->{host_localtime} = $1;
# pass on user namespace information:
my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
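Review bot: the untaint pattern on the added `abs_path('/etc/localtime') =~ m|^(/.+)|` line accepts any absolute path and is not anchored at the end, so `$1` is silently cut at the first newline instead of the value being rejected; `m|^(/.+)\z|` would make it all-or-nothing, and a comment saying why a blanket untaint is acceptable for this path would help. Separately, abs_path can return undef when the link cannot be resolved, in which case the match runs on an undefined value, and because this sits in `sub new` the die then hits every setup call, not only `--timezone host`; consider checking definedness first or deferring the die to where `host_localtime` is actually used.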
--
2.30.2
* [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone
2021-10-07 10:48 [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone Fabian Ebner
@ 2021-10-07 10:48 ` Fabian Ebner
2021-10-07 12:34 ` [pve-devel] applied: " Thomas Lamprecht
2021-10-07 12:33 ` [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone Thomas Lamprecht
1 sibling, 1 reply; 4+ messages in thread
From: Fabian Ebner @ 2021-10-07 10:48 UTC (permalink / raw)
To: pve-devel
Some distributions like CentOS 8 and Gentoo don't have the file, so
only update if it already existed.

A slight change in behavior in set_timezone is that the warning will
now trigger if /etc/localtime is a link to $tz_path, but $tz_path does
not exist. Previously, it would return early if the link matched.

Programs that rely on /etc/timezone within the container will now see
the configured timezone too. While that is more correct, it's still a
change that might be unexpected.

Reported in the community forum:
https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
Does this need to wait until PVE 8.0, because of potential breakage?
src/PVE/LXC/Setup.pm | 1 +
src/PVE/LXC/Setup/Base.pm | 16 +++++++++++-----
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 7c377ab..5cc56af 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -114,6 +114,7 @@ sub new {
# Cache some host files we need access to:
$plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
+ $plugin->{host_timezone} = PVE::INotify::read_file('timezone');
abs_path('/etc/localtime') =~ m|^(/.+)| or die "invalid /etc/localtime\n"; # untaint
$plugin->{host_localtime} = $1;
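Review bot: the added `host_timezone` read happens unconditionally in `sub new` and the value is stored exactly as returned, while set_timezone in Base.pm later writes it into the container as `"$contents\n"`. It is not visible here whether `read_file('timezone')` returns the name already stripped of its trailing newline, or what it returns on a host without the file; please document the expected shape next to this line, or normalize it here (strip whitespace, check it is defined) so the container file never ends up with an empty or doubled line.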
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index 04332ea..dafd69a 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -469,12 +469,18 @@ sub set_timezone {
$tz_path = $self->{host_localtime};
}
- return if abs_path('/etc/localtime') eq $tz_path;
-
if ($self->ct_file_exists($tz_path)) {
- my $tmpfile = "localtime.$$.new.tmpfile";
- $self->ct_symlink($tz_path, $tmpfile);
- $self->ct_rename($tmpfile, "/etc/localtime");
+ if (abs_path('/etc/localtime') ne $tz_path) {
+ my $tmpfile = "localtime.$$.new.tmpfile";
+ $self->ct_symlink($tz_path, $tmpfile);
+ $self->ct_rename($tmpfile, "/etc/localtime");
+ }
+
+ # not all distributions have /etc/timezone
+ if ($self->ct_file_exists('/etc/timezone')) {
+ my $contents = $zoneinfo eq 'host' ? $self->{host_timezone} : $zoneinfo;
+ $self->ct_file_set_contents('/etc/timezone', "$contents\n");
+ }
} else {
warn "container does not have $tz_path, timezone can not be modified\n";
}
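Review bot: in the new `/etc/timezone` block, the `host` case takes the symlink target from `$self->{host_localtime}` but the file contents from `$self->{host_timezone}`, two independent host sources that nothing here checks against each other, so a host whose /etc/timezone lags behind its /etc/localtime would propagate that mismatch into the container. Consider guarding against an undefined or empty `$contents` before calling `ct_file_set_contents`, and stating in the comment that the two are assumed to agree. The behaviour change described in the commit message (the warning now fires when the link already matches but `$tz_path` is missing) also deserves a short code comment at the `ct_file_exists($tz_path)` check.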
--
2.30.2
* [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone
2021-10-07 10:48 [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone Fabian Ebner
2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
@ 2021-10-07 12:33 ` Thomas Lamprecht
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-10-07 12:33 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Ebner
On 07.10.21 12:48, Fabian Ebner wrote:
> To avoid an error with 'pct create ... --timezone host'.
>
> Reported in the community forum:
> https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/
>
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
> src/PVE/LXC/Setup.pm | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
>
applied, thanks!
* [pve-devel] applied: [PATCH container 2/2] setup: also set contents of /etc/timezone
2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
@ 2021-10-07 12:34 ` Thomas Lamprecht
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-10-07 12:34 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Ebner
On 07.10.21 12:48, Fabian Ebner wrote:
> Some distributions like CentOS 8 and Gentoo don't have the file, so
> only update if it already existed.
>
> A slight change in behavior in set_timezone is that the warning will
> now trigger if /etc/localtime is a link to $tz_path, but $tz_path does
> not exist. Previously, it would return early if the link matched.
>
> Programs that rely on /etc/timezone within the container will now see
> the configured timezone too. While that is more correct, it's still a
> change that might be unexpected.
>
> Reported in the community forum:
> https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/
>
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
>
> Does this need to wait until PVE 8.0, because of potential breakage?
nah, we changed setup stuff all the time, not that frequently anymore
because pve-container is quite stable/mature since a while but still
here and then.
If users report issues with the change we can still adapt to that.
>
> src/PVE/LXC/Setup.pm | 1 +
> src/PVE/LXC/Setup/Base.pm | 16 +++++++++++-----
> 2 files changed, 12 insertions(+), 5 deletions(-)
>
>
applied, thanks!