podman generate systemd --new can be broken by environment variable substitution and specifier expansion #9176
Assignees
Labels
In Progress
This issue is actively being worked by the assignee, please do not work on this at this time.
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
openshift-ci-robot
added
the
kind/bug
ntkme
changed the title
ntkme
changed the title
|
Not sure if it is sufficient, but I think replacing |
|
SGTM, we also have to escape a backslash according to the systemd documentation. |
Perfect! Do you have cycles to tackle the issue? I appreciated to have another pair of eyes on the systemd-gen code :) |
|
Yes I will take this one. |
Luap99
added
the
In Progress
Luap99
pushed a commit
to Luap99/libpod
that referenced
this issue
Feb 1, 2021
In a systemd unit dollar and percent signs are used for variables. A backslash is used for escape sequences. If any of these characters are used in the create command we have to properly escape them so systemd does not try to interpret them. Fixes containers#9176 Signed-off-by: Paul Holzinger <[email protected]>
mheon
pushed a commit
to mheon/libpod
that referenced
this issue
Feb 4, 2021
In a systemd unit dollar and percent signs are used for variables. A backslash is used for escape sequences. If any of these characters are used in the create command we have to properly escape them so systemd does not try to interpret them. Fixes containers#9176 Signed-off-by: Paul Holzinger <[email protected]>
github-actions
bot
added
the
locked - please file new issue/PR
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
When you have a container with environment variable syntax in command or systemd specifiers, systemd will attempt to expand those result in broken container.
Steps to reproduce the issue:
podman run -d --name sleep alpine sh -c 'kill -0 $$ && sleep infinity'podman generate systemd --name --new sleepDescribe the results you received:
Container will crash with error
kill: illegal pid: $. The reason is that systemd will expand environment variable before executing the command. Also, systemd uses$$to escape a single$, therefore the executed command will be no longer the same as the original command.Describe the results you expected:
Container will start in the same way as original podman command.
Additional information you deem important (e.g. issue happens only occasionally):
However, this issue is not only limited to literal
$in command line being expanded environment variable as by systemd, literal%may also expanded by systemd as specifiers. For example, if I haveprintf '%s' 'test', it will becomeprintf '/bin/sh' 'test'.Reference for how systemd expand command line:
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
Output of
podman version:The text was updated successfully, but these errors were encountered: