From c6be89f8570be19c33af49198d4eb8e6d27d626f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Wed, 30 Sep 2015 13:37:10 +0100 Subject: [PATCH] lxc-start-ephemeral: Parse passwd directly On Ubuntu 15.04, lxc-start-ephemeral's call to pwd.getpwnam always fails. While I haven't been able to prove it or track down an exact cause, I strongly suspect that glibc does not guarantee that you can call NSS functions after a context switch without re-execing. (Running "id root" in a subprocess from the same point works fine.) It's safer to use getent to extract the relevant line from the passwd file and parse it directly. Signed-off-by: Colin Watson --- src/lxc/lxc-start-ephemeral.in | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in index d2c3904d3..b5aae64e5 100644 --- a/src/lxc/lxc-start-ephemeral.in +++ b/src/lxc/lxc-start-ephemeral.in @@ -29,7 +29,6 @@ import argparse import gettext import lxc import os -import pwd import sys import subprocess import tempfile @@ -363,12 +362,17 @@ if os.path.exists("/proc/self/ns/pid"): if args.user: username = args.user - user = pwd.getpwnam(username) - os.setgid(user.pw_gid) - os.initgroups(user.pw_name, user.pw_gid) - os.setuid(user.pw_uid) - os.chdir(user.pw_dir) - os.environ['HOME'] = user.pw_dir + line = subprocess.check_output( + ["getent", "passwd", username], + universal_newlines=True).rstrip("\n") + _, _, pw_uid, pw_gid, _, pw_dir, _ = line.split(":", 6) + pw_uid = int(pw_uid) + pw_gid = int(pw_gid) + os.setgid(pw_gid) + os.initgroups(username, pw_gid) + os.setuid(pw_uid) + os.chdir(pw_dir) + os.environ['HOME'] = pw_dir except: print(_("Unable to switch to user: %s" % username)) sys.exit(1)