lxc-start-ephemeral: Parse passwd directly

On Ubuntu 15.04, lxc-start-ephemeral's call to pwd.getpwnam always fails. While I haven't been able to prove it or track down an exact cause, I strongly suspect that glibc does not guarantee that you can call NSS functions after a context switch without re-execing. (Running "id root" in a subprocess from the same point works fine.) It's safer to use getent to extract the relevant line from the passwd file and parse it directly. Signed-off-by: Colin Watson <cjwatson@ubuntu.com>

lxc-start-ephemeral: Parse passwd directly
6b3ed343 · Colin Watson · Stéphane Graber · 27ec06f9 · 6b3ed343
Commit 6b3ed343 authored Sep 30, 2015 by Colin Watson Committed by Stéphane Graber Oct 07, 2015
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 7 deletions

lxc-start-ephemeral.in src/lxc/lxc-start-ephemeral.in +11 -7

No files found.
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -29,7 +29,6 @@ import argparse
 import gettext
 import lxc
 import os
-import pwd
 import sys
 import subprocess
 import tempfile
@@ -338,12 +337,17 @@ if os.path.exists("/proc/self/ns/pid"):
            if args.user:
                username = args.user
-            user = pwd.getpwnam(username)
+            line = subprocess.check_output(
-            os.setgid(user.pw_gid)
+                ["getent", "passwd", username],
-            os.initgroups(user.pw_name, user.pw_gid)
+                universal_newlines=True).rstrip("\n")
-            os.setuid(user.pw_uid)
+            _, _, pw_uid, pw_gid, _, pw_dir, _ = line.split(":", 6)
-            os.chdir(user.pw_dir)
+            pw_uid = int(pw_uid)
-            os.environ['HOME'] = user.pw_dir
+            pw_gid = int(pw_gid)
+            os.setgid(pw_gid)
+            os.initgroups(username, pw_gid)
+            os.setuid(pw_uid)
+            os.chdir(pw_dir)
+            os.environ['HOME'] = pw_dir
        except:
            print(_("Unable to switch to user: %s" % username))
            sys.exit(1)