[Libguestfs] [p2v PATCH 1/4] ssh: shield virt-v2v from bash RC files

Laszlo Ersek lersek at redhat.com
Thu Jan 19 12:14:45 UTC 2023 

I don't have virt-v2v installed system-wide on my RHEL9 laptop, I rely on
the various "./run" scripts to put everything that virt-p2v's "make check"
requires on the PATH environment variable.

However, "test-virt-p2v-nbdkit.sh" still breaks for me; it complains that
"virt-v2v --version" cannot be executed by test_connection(), due to
"virt-v2v" not being found.  Prefixing the "virt-v2v --version" invocation
in test_connection() with "echo \"$PATH\"; ", I've determined from
"test-virt-p2v-nbdkit.sh.log" that the *non-appending* PATH=... variable
assignment from my $HOME/.bashrc takes effect.  It wipes out the PATH
changes from the "./run" scripts, hiding virt-v2v.

I've added the following snippet to my $HOME/.bashrc file, for debugging:

> XXX=mess-$(date --rfc-3339=ns)--$$.log
> /bin/pstree -a -A -l -n -p $$ >| "$HOME/tmp/$XXX"

so that whichever shell read the RC file create a log file, named with a
nanosecond-resolution timestamp and the shell's PID, and record the "path"
in the process tree that lead to the shell.

The snippet created the following two files:

> mess-2023-01-18 09:33:49.896065330+01:00--36312.log
> mess-2023-01-18 09:33:49.937365639+01:00--36312.log

containing, respectively:

> bash,36312
>   `-pstree,36315 -a -A -l -n -p 36312

and

> bash,36312 --noediting --noprofile
>   `-pstree,36320 -a -A -l -n -p 36312

Note that the PID of the shell is unchanged, but the pstree PID changes.
This means that the same PID (same process) reads the bash RC file twice
-- which can only be explained by the *image* of the process being
replaced, from bash, to bash.

So the problem happens in two places:

- First, when we "exec" the interactive shell in "test-virt-p2v-ssh.sh",
  that is, our ssh "shim".  Interactive *non-login* shells read the RC
  file, unless the "--norc" option is passed.

- Second, when we "exec" bash from start_ssh(), on the remote machine.

  This invocation already passes the "--noprofile" option, but that has no
  effect.  "--noprofile" prevents the shell from reading
  "$HOME/.bash_profile" when the shell is a *login* shell, regardless of
  whether it is interactive or not.  Because the existent "--noprofile"
  option does not prevent the symptom, we can determine that the remote
  shell started by start_ssh() is a *non-login* shell, and that it's also
  interactive (otherwise it wouldn't read the RC file).  Thus, we need to
  pass "--norc" here as well.

  (While I believe, based on the above, that "--noprofile" is superfluous,
  I'd like to avoid any potential regressions here, so I'm keeping
  "--noprofile" too.)

Append "--norc" to both command lines.

Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 ssh.c                | 2 +-
 test-virt-p2v-ssh.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh.c b/ssh.c
index aeb57584cf55..513a20318359 100644
--- a/ssh.c
+++ b/ssh.c
@@ -469,7 +469,7 @@ start_ssh (unsigned spawn_flags, struct config *config,
    * We don't know how command line editing is set up
    * (https://bugzilla.redhat.com/1314244#c9).
    */
-  if (mexp_printf (h, "exec bash --noediting --noprofile\n") == -1) {
+  if (mexp_printf (h, "exec bash --noediting --noprofile --norc\n") == -1) {
     set_ssh_mexp_error ("mexp_printf");
     mexp_close (h);
     return NULL;
diff --git a/test-virt-p2v-ssh.sh b/test-virt-p2v-ssh.sh
index 8a14b71fbd4b..f8b86b539ffe 100755
--- a/test-virt-p2v-ssh.sh
+++ b/test-virt-p2v-ssh.sh
@@ -57,4 +57,4 @@ while true ; do
 done
 
 # Now run the interactive shell.
-exec bash
+exec bash --norc

More information about the Libguestfs mailing list