[pve-devel] [PATCH container 1/2] setup: untaint path to host timezone

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone
@ 2021-10-07 10:48 Fabian Ebner
  2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
  2021-10-07 12:33 ` [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone Thomas Lamprecht
  0 siblings, 2 replies; 4+ messages in thread
From: Fabian Ebner @ 2021-10-07 10:48 UTC (permalink / raw)
  To: pve-devel

To avoid an error with 'pct create ... --timezone host'.

Reported in the community forum:
https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
 src/PVE/LXC/Setup.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 4e211ef..7c377ab 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -114,7 +114,9 @@ sub new {
 
     # Cache some host files we need access to:
     $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
-    $plugin->{host_localtime} = abs_path('/etc/localtime');
+
+    abs_path('/etc/localtime') =~ m|^(/.+)| or die "invalid /etc/localtime\n"; # untaint
+    $plugin->{host_localtime} = $1;
 
     # pass on user namespace information:
     my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone
  2021-10-07 10:48 [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone Fabian Ebner
@ 2021-10-07 10:48 ` Fabian Ebner
  2021-10-07 12:34   ` [pve-devel] applied: " Thomas Lamprecht
  2021-10-07 12:33 ` [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone Thomas Lamprecht
  1 sibling, 1 reply; 4+ messages in thread
From: Fabian Ebner @ 2021-10-07 10:48 UTC (permalink / raw)
  To: pve-devel

Some distributions like CentOS 8 and Gentoo don't have the file, so
only update if it already existed.

A slight change in behavior in set_timezone is that the warning will
now trigger if /etc/localtime is a link to $tz_path, but $tz_path does
not exist. Previously, it would return early if the link matched.

Programs that rely on /etc/timezone within the container will now see
the configured timezone too. While that is more correct, it's still a
change that might be unexpected.

Reported in the community forum:
https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---

Does this need to wait until PVE 8.0, because of potential breakage?

 src/PVE/LXC/Setup.pm      |  1 +
 src/PVE/LXC/Setup/Base.pm | 16 +++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 7c377ab..5cc56af 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -114,6 +114,7 @@ sub new {
 
     # Cache some host files we need access to:
     $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
+    $plugin->{host_timezone} = PVE::INotify::read_file('timezone');
 
     abs_path('/etc/localtime') =~ m|^(/.+)| or die "invalid /etc/localtime\n"; # untaint
     $plugin->{host_localtime} = $1;
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index 04332ea..dafd69a 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -469,12 +469,18 @@ sub set_timezone {
 	$tz_path = $self->{host_localtime};
     }
 
-    return if abs_path('/etc/localtime') eq $tz_path;
-
     if ($self->ct_file_exists($tz_path)) {
-	my $tmpfile = "localtime.$$.new.tmpfile";
-	$self->ct_symlink($tz_path, $tmpfile);
-	$self->ct_rename($tmpfile, "/etc/localtime");
+	if (abs_path('/etc/localtime') ne $tz_path) {
+	    my $tmpfile = "localtime.$$.new.tmpfile";
+	    $self->ct_symlink($tz_path, $tmpfile);
+	    $self->ct_rename($tmpfile, "/etc/localtime");
+	}
+
+	# not all distributions have /etc/timezone
+	if ($self->ct_file_exists('/etc/timezone')) {
+	    my $contents = $zoneinfo eq 'host' ? $self->{host_timezone} : $zoneinfo;
+	    $self->ct_file_set_contents('/etc/timezone', "$contents\n");
+	}
     } else {
 	warn "container does not have $tz_path, timezone can not be modified\n";
     }
-- 
2.30.2





^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] applied: [PATCH container 2/2] setup: also set contents of /etc/timezone
  2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
@ 2021-10-07 12:34   ` Thomas Lamprecht
  0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-10-07 12:34 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Ebner

On 07.10.21 12:48, Fabian Ebner wrote:
> Some distributions like CentOS 8 and Gentoo don't have the file, so
> only update if it already existed.
> 
> A slight change in behavior in set_timezone is that the warning will
> now trigger if /etc/localtime is a link to $tz_path, but $tz_path does
> not exist. Previously, it would return early if the link matched.
> 
> Programs that rely on /etc/timezone within the container will now see
> the configured timezone too. While that is more correct, it's still a
> change that might be unexpected.
> 
> Reported in the community forum:
> https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/
> 
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
> 
> Does this need to wait until PVE 8.0, because of potential breakage?

nah, we changed setup stuff all the time, not that frequently anymore
because pve-container is quite stable/mature since a while but still
here and then.

If users report issues with the change we can still adapt to that.

> 
>  src/PVE/LXC/Setup.pm      |  1 +
>  src/PVE/LXC/Setup/Base.pm | 16 +++++++++++-----
>  2 files changed, 12 insertions(+), 5 deletions(-)
> 
>

applied, thanks!




^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone
  2021-10-07 10:48 [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone Fabian Ebner
  2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
@ 2021-10-07 12:33 ` Thomas Lamprecht
  1 sibling, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2021-10-07 12:33 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Ebner

On 07.10.21 12:48, Fabian Ebner wrote:
> To avoid an error with 'pct create ... --timezone host'.
> 
> Reported in the community forum:
> https://forum.proxmox.com/threads/pct-create-command-with-timezone-host-option-fails-to-create-a-container.97538/
> 
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
>  src/PVE/LXC/Setup.pm | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
>

applied, thanks!




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-10-07 12:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-07 10:48 [pve-devel] [PATCH container 1/2] setup: untaint path to host timezone Fabian Ebner
2021-10-07 10:48 ` [pve-devel] [PATCH container 2/2] setup: also set contents of /etc/timezone Fabian Ebner
2021-10-07 12:34   ` [pve-devel] applied: " Thomas Lamprecht
2021-10-07 12:33 ` [pve-devel] applied: [PATCH container 1/2] setup: untaint path to host timezone Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal