From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.nunner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 8351492FA2
 for <pve-devel@lists.proxmox.com>; Thu, 15 Sep 2022 13:53:06 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 7A4387FAF
 for <pve-devel@lists.proxmox.com>; Thu, 15 Sep 2022 13:52:36 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Thu, 15 Sep 2022 13:52:35 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 40193442CF
 for <pve-devel@lists.proxmox.com>; Thu, 15 Sep 2022 13:52:35 +0200 (CEST)
From: Leo Nunner <l.nunner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 15 Sep 2022 13:52:28 +0200
Message-Id: <20220915115228.117543-1-l.nunner@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL          0.1 Meta: its spam
 POISEN_SPAM_PILL_1        0.1 random spam to be learned in bayes
 POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: [pve-devel] [PATCH v3 container] fix #4192: revamp check for
 systemd version
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2022 11:53:06 -0000

Instead of iterating through several folders, it might just be easier to
check the objdump output of /sbin/init and getting the version from there.
Resolving the /sbin/init symlink happens inside the chroot, but the
objdump from the host system is used, as to not run any untrusted
executables.

Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
---
I think putting the subroutine to resolve the /sbin/init symlink into
Setup.pm makes the most sense, since this isn't realy a task for the
plugin.

 src/PVE/LXC/Setup.pm           | 18 +++++++++++++++++-
 src/PVE/LXC/Setup/Alpine.pm    |  2 +-
 src/PVE/LXC/Setup/Base.pm      | 34 ++++++++++++++++++----------------
 src/PVE/LXC/Setup/Devuan.pm    |  2 +-
 src/PVE/LXC/Setup/Plugin.pm    |  2 +-
 src/PVE/LXC/Setup/Unmanaged.pm |  2 +-
 6 files changed, 39 insertions(+), 21 deletions(-)

diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index b72a18e..fe6f0db 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -285,7 +285,7 @@ sub post_create_hook {
 sub unified_cgroupv2_support {
     my ($self) = @_;
 
-    return $self->protected_call(sub { $self->{plugin}->unified_cgroupv2_support() });
+    return $self->{plugin}->unified_cgroupv2_support($self->get_ct_init_path());
 }
 
 # os-release(5):
@@ -335,4 +335,20 @@ sub get_ct_os_release {
     return &$parse_os_release($data);
 }
 
+# Checks whether /sbin/init is a symlink, and if it is, 
+# resolves it to the actual binary
+sub get_ct_init_path { 
+    my ($self) = @_;
+
+    my $init = $self->protected_call(sub {
+	my $init_path = "/sbin/init";
+	if($self->{plugin}->ct_is_symlink($init_path)) {
+    	    $init_path = $self->{plugin}->ct_readlink($init_path);
+	}
+	return $init_path;
+    });
+
+    return $init;
+}
+
 1;
diff --git a/src/PVE/LXC/Setup/Alpine.pm b/src/PVE/LXC/Setup/Alpine.pm
index b56d895..87d72be 100644
--- a/src/PVE/LXC/Setup/Alpine.pm
+++ b/src/PVE/LXC/Setup/Alpine.pm
@@ -102,7 +102,7 @@ sub setup_network {
 
 # non systemd based containers work with pure cgroupv2
 sub unified_cgroupv2_support {
-    my ($self) = @_;
+    my ($self, $init) = @_;
 
     return 1;
 }
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index cc12914..09155cf 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -514,40 +514,42 @@ sub clear_machine_id {
     }
 }
 
-# tries to guess the systemd (major) version based on the existence of
-# (/usr)?/lib/systemd/libsystemd-shared<version>.so. It was introduced in v231.
+# tries to guess the systemd (major) version based on the
+# libsystemd-shared<version>.so linked with /sbin/init
 sub get_systemd_version {
-    my ($self) = @_;
+    my ($self, $init) = @_;
 
-    my $sd_lib_dir = $self->ct_is_directory("/lib/systemd") ?
-	"/lib/systemd" : "/usr/lib/systemd";
-    my $libsd = PVE::Tools::dir_glob_regex($sd_lib_dir, "libsystemd-shared-.+\.so");
-    if (defined($libsd) && $libsd =~ /libsystemd-shared-(\d+)(?:\..*)?\.so/) {
-	return $1;
-    }
+    my $version = undef;
+    PVE::Tools::run_command(
+	['objdump', '-p', $self->{rootdir}.$init],
+	outfunc => sub {
+	    my $line = shift;
+	    if ($line =~ /libsystemd-shared-(\d+)(?:\.[a-zA-Z0-9]*)?\.so:$/) {
+		$version = $1;
+	    }},
+	errmsg => "objdump on $init failed",
+    );
 
-    return undef;
+    return $version;
 }
 
 sub unified_cgroupv2_support {
-    my ($self) = @_;
+    my ($self, $init) = @_;
 
     # https://www.freedesktop.org/software/systemd/man/systemd.html
     # systemd is installed as symlink to /sbin/init
-    my $systemd = $self->ct_readlink('/sbin/init');
-
     # assume non-systemd init will run with unified cgroupv2
-    if (!defined($systemd) || $systemd !~ m@/systemd$@) {
+    if (!defined($init) || $init !~ m@/systemd$@) {
 	return 1;
     }
 
     # systemd version 232 (e.g. debian stretch) supports the unified hierarchy
-    my $sdver = $self->get_systemd_version();
+    my $sdver = $self->get_systemd_version($init);
     if (!defined($sdver) || $sdver < 232) {
 	return 0;
     }
 
-    return 1
+    return 1;
 }
 
 sub ssh_host_key_types_to_generate {
diff --git a/src/PVE/LXC/Setup/Devuan.pm b/src/PVE/LXC/Setup/Devuan.pm
index 3e15bb2..059f145 100644
--- a/src/PVE/LXC/Setup/Devuan.pm
+++ b/src/PVE/LXC/Setup/Devuan.pm
@@ -42,7 +42,7 @@ sub new {
 
 # non systemd based containers work with pure cgroupv2
 sub unified_cgroupv2_support {
-    my ($self) = @_;
+    my ($self, $init) = @_;
 
     return 1;
 }
diff --git a/src/PVE/LXC/Setup/Plugin.pm b/src/PVE/LXC/Setup/Plugin.pm
index 8458ad8..7024856 100644
--- a/src/PVE/LXC/Setup/Plugin.pm
+++ b/src/PVE/LXC/Setup/Plugin.pm
@@ -48,7 +48,7 @@ sub set_user_password {
 }
 
 sub unified_cgroupv2_support {
-    my ($self) = @_;
+    my ($self, $init) = @_;
     croak "implement me in sub-class\n";
 }
 
diff --git a/src/PVE/LXC/Setup/Unmanaged.pm b/src/PVE/LXC/Setup/Unmanaged.pm
index 3b9febf..280af04 100644
--- a/src/PVE/LXC/Setup/Unmanaged.pm
+++ b/src/PVE/LXC/Setup/Unmanaged.pm
@@ -45,7 +45,7 @@ sub set_user_password {
 }
 
 sub unified_cgroupv2_support {
-    my ($self) = @_;
+    my ($self, $init) = @_;
     return 1; # faking it won't normally hurt ;-)
 }
 
-- 
2.30.2