From: Fiona Ebner
To: pve-devel@lists.proxmox.com
Subject: [PATCH container] fix #7380: get systemd version: avoid wrong /proc/PID/root link resolution
Date: Tue, 26 May 2026 12:54:01 +0200
Message-ID: <20260526105506.109458-1-f.ebner@proxmox.com>

Commit c30fb19 ("setup: constrain and untaint path for systemd version
detection") added an abs_path() call to resolve the path to the init
binary inside the container. However, when the rootdir is
/proc/$vmid/root, then abs_path() will fail to take into account the
namespacing and while walking the path, will resolve the link (example
output from stat):

> File: /proc/162278/root -> /

to the actual host root. Afterwards, the function would die because of
the path not being prefixed by the rootdir path.

The path to init binary is already resolved in get_ct_init_path() in a
protected call, but was not yet untainted. Revert the faulty abs_path()
call and instead untaint the result in get_ct_init_path() so that
check_systemd_nesting() can be called in a -T environment, like the
post-clone hook.

Fixes: c30fb19 ("setup: constrain and untaint path for systemd version detection")
Signed-off-by: Fiona Ebner --- src/PVE/LXC/Setup.pm | 1 + src/PVE/LXC/Setup/Base.pm | 9 +-------- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm index 5387dc6..d936af2 100644 --- a/src/PVE/LXC/Setup.pm +++ b/src/PVE/LXC/Setup.pm @@ -390,6 +390,7 @@ sub get_ct_init_path { return $self->{plugin}->get_ct_init_path(); }); + ($init) = $init =~ m|(/.*)| or die "unable to resolve init path - got '$init'\n"; # untaint return $init; } diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm index f679558..be7afde 100644 --- a/src/PVE/LXC/Setup/Base.pm +++ b/src/PVE/LXC/Setup/Base.pm @@ -605,16 +605,9 @@ sub clear_machine_id { sub get_systemd_version { my ($self, $init) = @_; - my $binary = abs_path($self->{rootdir} . $init); - if ($binary =~ /(^\Q$self->{rootdir}\E.*)/) { - $binary = $1; # untainted - } else { - die "Could not construct path to systemd binary: $self->{rootdir}, $init"; - } - my $version = undef; PVE::Tools::run_command( - ['objdump', '-p', $binary], + ['objdump', '-p', $self->{rootdir} . $init], outfunc => sub { my $line = shift; if ($line =~ /libsystemd-shared-(\d+)(?:[-_.][a-zA-Z0-9]+)*\.so:?$/) { -- 2.47.3
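
Review bot: In the line added to get_ct_init_path() in src/PVE/LXC/Setup.pm, the die message cannot show the offending value: when the match fails, the list assignment `($init) = ...` has already set $init to undef before `die` interpolates it, so the message ends in "got ''" and triggers an uninitialized-value warning. Capturing into a separate variable avoids that, for example `my ($untainted) = $init =~ m|^(/.*)$| or die "unable to resolve init path - got '$init'\n";` followed by `return $untainted;`. The pattern `m|(/.*)|` is also unanchored, so it accepts any string that contains a `/`, silently drops whatever precedes the first `/`, and stops at the first newline; anchoring it makes the untaint reject such values instead of rewriting them.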
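
Review bot: In get_systemd_version() in src/PVE/LXC/Setup/Base.pm, the path handed to objdump, `$self->{rootdir} . $init`, no longer gets any local check, so the sub now depends on every caller passing an $init that came from get_ct_init_path(). The removed block also untainted the whole concatenated path, while the new untaint in Setup.pm covers only $init; if $self->{rootdir} can be tainted in the post-clone hook, objdump would still be invoked with a tainted argument under -T. A short comment above the sub stating that $init must be the already resolved and untainted result of get_ct_init_path(), plus a sentence in the commit message confirming that rootdir is untainted on that code path, would make the new contract explicit.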