podman generate systemd --new can be broken by environment variable substitution and specifier expansion #9176
Comments
Not sure if it is sufficient, but I think replacing
SGTM, we also have to escape a backslash according to the systemd documentation.
Perfect! Do you have cycles to tackle the issue? I'd appreciate having another pair of eyes on the systemd-gen code :)
Yes, I will take this one.
In a systemd unit dollar and percent signs are used for variables. A backslash is used for escape sequences. If any of these characters are used in the create command we have to properly escape them so systemd does not try to interpret them. Fixes containers#9176 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
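The escaping rule from the commit message above, applied to the reproducer in this issue, as an added Go example that is not podman's own code. `escapeUnitArg` and `execStartLine` are hypothetical names, and double-quoting arguments that contain whitespace or quote characters is an assumption that goes beyond the three characters named on the page.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeUnitArg (hypothetical helper) makes one argv element safe to place
// on an ExecStart= line so systemd passes it to the process unchanged.
func escapeUnitArg(arg string) string {
	var b strings.Builder
	for i := 0; i < len(arg); i++ {
		switch c := arg[i]; c {
		case '\\':
			b.WriteString(`\\`) // a lone backslash would start a C-style escape
		case '$':
			b.WriteString("$$") // "$$" is systemd's literal dollar sign
		case '%':
			b.WriteString("%%") // "%%" is systemd's literal percent sign
		case '"':
			b.WriteString(`\"`) // keep the quote inside the quoted word
		case '\n':
			b.WriteString(`\n`)
		case '\t':
			b.WriteString(`\t`)
		default:
			b.WriteByte(c)
		}
	}
	// Assumption: quote whenever systemd would otherwise split or unquote the word.
	if arg == "" || strings.ContainsAny(arg, " \t\n'\"") {
		return `"` + b.String() + `"`
	}
	return b.String()
}

// execStartLine joins the escaped arguments into the value of ExecStart=.
func execStartLine(argv []string) string {
	out := make([]string, len(argv))
	for i, a := range argv {
		out[i] = escapeUnitArg(a)
	}
	return strings.Join(out, " ")
}

func main() {
	// Argument vectors constructed from the commands quoted in the issue.
	fmt.Println(execStartLine([]string{"sh", "-c", "kill -0 $$ && sleep infinity"}))
	fmt.Println(execStartLine([]string{"sh", "-c", "printf '%s' 'test'"}))
}
```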
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
When you have a container with environment variable syntax or systemd specifiers in its command, systemd will attempt to expand those, resulting in a broken container.
Steps to reproduce the issue:
podman run -d --name sleep alpine sh -c 'kill -0 $$ && sleep infinity'
podman generate systemd --name --new sleep
Describe the results you received:
Container will crash with error `kill: illegal pid: $`. The reason is that systemd will expand environment variables before executing the command. Also, systemd uses `$$` to escape a single `$`, therefore the executed command will no longer be the same as the original command.
Describe the results you expected:
Container will start in the same way as with the original podman command.
Additional information you deem important (e.g. issue happens only occasionally):
However, this issue is not limited to a literal `$` in the command line being expanded as an environment variable by systemd; a literal `%` may also be expanded by systemd as a specifier. For example, if I have `printf '%s' 'test'`, it will become `printf '/bin/sh' 'test'`.
Reference for how systemd expands command lines:
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
Output of `podman version`: