public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH container] fix #5194: delete environment variables set by pve
@ 2024-01-22 10:12 Folke Gleumes
  2024-01-23  9:51 ` Fabian Grünbichler
  0 siblings, 1 reply; 4+ messages in thread
From: Folke Gleumes @ 2024-01-22 10:12 UTC (permalink / raw)
  To: pve-devel

proxmox-perl-rs set's SSL_CERT_{DIR,FILE}, which can break ssl in
containers if their certificate store can't be found in the same spot.
This patch explicitly unsets those variables before starting the
container.

Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
---
 src/PVE/CLI/pct.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/PVE/CLI/pct.pm b/src/PVE/CLI/pct.pm
index a0b9bce..53519e4 100755
--- a/src/PVE/CLI/pct.pm
+++ b/src/PVE/CLI/pct.pm
@@ -143,6 +143,15 @@ __PACKAGE__->register_method ({
 	exec(@$cmd);
     }});
 
+sub clean_environment {
+    # These env variables are currently needed by PVE to work correctly with rust libraries,
+    # but can break ssl inside of containers.
+    # An explanation why they are needed and the code that sets them can be found here:
+    # https://git.proxmox.com/?p=proxmox-perl-rs.git;a=blob;f=common/pkg/Proxmox/Lib/SslProbe.pm
+    delete $ENV{SSL_CERT_FILE};
+    delete $ENV{SSL_CERT_DIR};
+};
+
 __PACKAGE__->register_method ({
     name => 'enter',
     path => 'enter',
@@ -164,6 +173,7 @@ __PACKAGE__->register_method ({
 	PVE::LXC::Config->load_config($vmid); # test if container exists on this node
 	die "container '$vmid' not running!\n" if !PVE::LXC::check_running($vmid);
 
+	clean_environment();
 	exec('lxc-attach', '-n',  $vmid);
     }});
 
@@ -189,6 +199,7 @@ __PACKAGE__->register_method ({
 
 	die "missing command" if !@{$param->{'extra-args'}};
 
+	clean_environment();
 	exec('lxc-attach', '-n', $vmid, '--', @{$param->{'extra-args'}});
     }});
 
-- 
2.39.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-01-26 12:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-22 10:12 [pve-devel] [PATCH container] fix #5194: delete environment variables set by pve Folke Gleumes
2024-01-23  9:51 ` Fabian Grünbichler
2024-01-26 11:39   ` Folke Gleumes
2024-01-26 12:31     ` Wolfgang Bumiller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal