authorнаб <nabijaczleweli@nabijaczleweli.xyz>2022-03-24 17:15:39 +0100
committerLennart Poettering <lennart@poettering.net>2022-03-28 14:24:46 +0200
commit53350c7bbade8c5f357aa3d1029ef9b2208ea675 (patch)
tree4ace935223a8f92512765e67acf201068fc27f7b
parent505df87ea85d62071f6daefa14c52107a085246b (diff)
downloadsystemd-53350c7bbade8c5f357aa3d1029ef9b2208ea675.tar.gz
Use new default-user-shell option instead of hard-coding bash in nspawn and user-record
Defaults to /bin/bash, so there are no changes in the default configuration. The fallback shell for non-root users is the one specified, and the interactive shell for nspawn sessions is started as exec(default-user-shell, "-" + basename(default-user-shell), ...) before falling through to bash and sh.
-rw-r--r--meson.build4
-rw-r--r--meson_options.txt2
-rw-r--r--src/nspawn/nspawn.c9
-rw-r--r--src/shared/user-record.c2
4 files changed, 13 insertions, 4 deletions
diff --git a/meson.build b/meson.build
index 7babab1363..c6f205caf7 100644
--- a/meson.build
+++ b/meson.build
@@ -760,6 +760,10 @@ conf.set('TIME_EPOCH', time_epoch)
conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max'))
+default_user_shell = get_option('default-user-shell')
+conf.set_quoted('DEFAULT_USER_SHELL', default_user_shell)
+conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell))
+
foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1], # Also see login.defs(5).
['system-uid-max', 'SYS_UID_MAX', 999],
['system-alloc-gid-min', 'SYS_GID_MIN', 1],
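Review bot: Nothing here checks that `default-user-shell` is a non-empty absolute path before it is baked into `DEFAULT_USER_SHELL`, and the same string is later passed to `execle()` in src/nspawn/nspawn.c and returned from `user_record_shell()` in src/shared/user-record.c. `execle()` does not search PATH, so a relative value would be resolved against the working directory set by the preceding `chdir()`, and an empty value would hand out an empty shell path to regular users. A guard right after the `get_option()` call would reject this at configure time: `if not fs.is_absolute(default_user_shell)`, `error('default-user-shell must be an absolute path')`, `endif`. The option description in meson_options.txt could state the same requirement, for example `'absolute path of the default interactive shell'`.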
diff --git a/meson_options.txt b/meson_options.txt
index 27cfa9b697..430b03d2b2 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -220,6 +220,8 @@ option('time-epoch', type : 'integer', value : '-1',
description : 'time epoch for time clients')
option('clock-valid-range-usec-max', type : 'integer', value : '473364000000000', # 15 years
description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error')
+option('default-user-shell', type : 'string', value : '/bin/bash',
+ description : 'default interactive shell')
option('system-alloc-uid-min', type : 'integer', value : '-1',
description : 'minimum system UID used when allocating')
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e4c46866a0..aa7367c5c9 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3550,10 +3550,13 @@ static int inner_child(
/* If we cannot change the directory, we'll end up in /, that is expected. */
(void) chdir(home ?: "/root");
- execle("/bin/bash", "-bash", NULL, env_use);
- execle("/bin/sh", "-sh", NULL, env_use);
+ execle(DEFAULT_USER_SHELL, "-" DEFAULT_USER_SHELL_NAME, NULL, env_use);
+ if (!streq(DEFAULT_USER_SHELL, "/bin/bash"))
+ execle("/bin/bash", "-bash", NULL, env_use);
+ if (!streq(DEFAULT_USER_SHELL, "/bin/sh"))
+ execle("/bin/sh", "-sh", NULL, env_use);
- exec_target = "/bin/bash, /bin/sh";
+ exec_target = DEFAULT_USER_SHELL ", /bin/bash, /bin/sh";
}
return log_error_errno(errno, "execv(%s) failed: %m", exec_target);
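Review bot: The new `exec_target` string names a shell twice whenever `DEFAULT_USER_SHELL` is `/bin/bash` or `/bin/sh`, so in the default configuration the failure message becomes `execv(/bin/bash, /bin/bash, /bin/sh) failed` even though the `streq()` checks above it skip the duplicate `execle()`. The list could follow the same conditions, for example `exec_target = streq(DEFAULT_USER_SHELL, "/bin/bash") ? "/bin/bash, /bin/sh" : streq(DEFAULT_USER_SHELL, "/bin/sh") ? "/bin/sh, /bin/bash" : DEFAULT_USER_SHELL ", /bin/bash, /bin/sh";`. `errno` at the `log_error_errno()` call also comes from the last attempt only, so a permission error on the configured shell is reported as whatever the final fallback returned; a `log_debug_errno()` after the first `execle()` would keep the original failure visible. The body of `inner_child()` starts before this hunk.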
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index 5b406d1f42..7c1c2cd992 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -1747,7 +1747,7 @@ const char *user_record_shell(UserRecord *h) {
return "/bin/sh";
if (user_record_disposition(h) == USER_REGULAR)
- return "/bin/bash";
+ return DEFAULT_USER_SHELL;
return NOLOGIN;
}