From: Filip Schauer
To: Wolfgang Bumiller
Cc: pve-devel@lists.proxmox.com
Date: Wed, 21 Jan 2026 17:05:53 +0100
Subject: Re: [pve-devel] superseded: [PATCH container 2/2] oci create: honor `User` from OCI image config
Message-ID: <0af550e7-dc75-446f-a98b-deec1ee39031@proxmox.com>
References: <20251215174203.267293-1-f.schauer@proxmox.com> <20251215174203.267293-3-f.schauer@proxmox.com>

On 15/01/2026 14:17, Wolfgang Bumiller wrote:
>> + if (my $usercfg = $oci_config_get_checked_scalar->('User')) {
> This code should be factored into a separate sub.
>
>> + my ($user, $group) = $usercfg =~ /^([^:]+)(?::([^:]+))?$/
>> + or die "OCI config value for 'User' has an invalid format\n";
>> +
>> + my $etc_passwd = "$rootdir/etc/passwd";
>> + my $etc_group = "$rootdir/etc/group";
>> +
>> + # Scan file, match column $match_index against $match_val, return value at $ret_index
>> + my $lookup_field = sub {
>> + my ($file, $match_index, $match_val, $ret_index) = @_;
>> +
>> + open(my $fh, '<', $file) or return undef;
>> + while (my $line = <$fh>) {
>> + my @fields = split(/:/, $line);
> A subtlety about this sub is that currently the last field also includes
> the trailing `\n`. Should probably add a comment, or `chomp` it away,
> even if we currently don't use the final field via `$ret_index`.
>
>> + if (defined($fields[$match_index]) && $fields[$match_index] eq $match_val) {
>> + return $fields[$ret_index];
>> + }
>> + }
>> + return undef;
>> + };
>> +
>> + my $get_supplementary_groups = sub {
>> + my ($username) = @_;
>> +
>> + my @groups;
>> + open(my $fh, '<', $etc_group) or return undef;
>> + while (defined(my $line = <$fh>)) {
>> + push @groups, $1
>> + if ($line =~ m/^[^:]*:[^:]*:([^:]*):(?:[^,]*,)*$username(?:,|$)/);
> Username comes from the outside and is only limited to not containing a
> colon. To use it inside a regex you'd have to quote it as
> `\Q$username\E`.
>
> Safer would be to do what you do in `$lookup_field` and just split on
> `:` then `,` then grep with `eq`.

Feedback implemented in v2:
https://lore.proxmox.com/pve-devel/20260121160020.280888-1-f.schauer@proxmox.com
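
Review bot: In `$lookup_field` and `$get_supplementary_groups`, `open(my $fh, '<', ...)` is called on `"$rootdir/etc/passwd"` and `"$rootdir/etc/group"`, paths whose type and contents are controlled by the image. If `etc` or either file is a symlink, a plain `open` can resolve outside `$rootdir` unless this code already runs confined to the container root, so the lookup could read a host file instead of the image's. Consider rejecting symlinks at these paths or resolving them inside the container root before opening. Separately, `or return undef` makes an unreadable file indistinguishable from "no matching entry"; a comment stating that this is intended would help.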
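
The quoting problem raised in the review above, as an added example (not code from the patch or from pve-container): it runs the interpolated-regex match from the quoted hunk next to the split-and-`eq` lookup the reviewer suggests, over a constructed `/etc/group`. The function names `groups_by_regex` and `groups_by_split`, the group entries and the sample user names are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of an image's /etc/group (name:password:gid:members).
my @group_lines = (
    "root:x:0:\n",
    "adm:x:4:app,syslog\n",
    "www-data:x:33:app\n",
    "docker:x:999:deploy\n",
);

# Match as in the quoted hunk: $username is interpolated as regex source,
# so metacharacters in the image's `User` value change what is matched.
sub groups_by_regex {
    my ($username, @lines) = @_;
    my @gids;
    for my $line (@lines) {
        push @gids, $1
            if $line =~ m/^[^:]*:[^:]*:([^:]*):(?:[^,]*,)*$username(?:,|$)/;
    }
    return @gids;
}

# Reviewer's suggestion: split on ':' then ',' and compare members with `eq`.
sub groups_by_split {
    my ($username, @lines) = @_;
    my @gids;
    for my $line (@lines) {
        chomp(my $entry = $line);    # drop the "\n" that sticks to the last field
        my (undef, undef, $gid, $members) = split(/:/, $entry, -1);
        next if !defined($gid) || !defined($members);
        push @gids, $gid if grep { $_ eq $username } split(/,/, $members);
    }
    return @gids;
}

# 'app' is a real member; '.*' and 'ap+' are names only a crafted image would carry.
for my $user ('app', '.*', 'ap+') {
    printf "%-4s regex=[%s] split=[%s]\n", $user,
        join(',', groups_by_regex($user, @group_lines)),
        join(',', groups_by_split($user, @group_lines));
}
```

With the interpolated pattern, a `User` value containing regex metacharacters is granted groups it is not a member of, while the `eq` comparison only ever matches the literal name.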