From 1ce59a6a2d3a4c50b00fed7d06333c1889c7c74d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 25 Oct 2022 11:07:23 +0200 Subject: [PATCH] cmd/run: Ensure that 'run' has the same container environment as 'enter' Currently, commands invoked using 'toolbox run' have a different environment than the interactive environment offered by 'toolbox enter'. This is because 'toolbox run' was invoking the commands using something like this: $ bash -c 'exec "$@"' bash [COMMAND] ... whereas, 'toolbox enter' was using something like this: $ bash -c 'exec "$@"' bash bash --login In the first case, the helper Bash shell is a non-interactive non-login shell. This means that it doesn't read any of the usual start-up files, and, hence, it doesn't pick up anything that's specified in them. It runs with the default environment variables set up by Podman and the Toolbx image, plus the environment variables set by Toolbx itself. In the second case, even though the helper Bash shell is still the same as the first, it eventually invokes a login shell, which runs the usual set of start-up files and picks up everything that's specified in them. Therefore, to ensure parity, 'toolbox run' should always have a login shell in the call chain inside the Toolbx container. The easiest option is to always use a helper shell that's a login shell with 'toolbox run', but not 'toolbox enter' so as to avoid reading the same start-up files twice, due to two login shells in the call chain. It will still end up reading the same start-up files twice, if someone tried to invoke a login shell through 'toolbox run', which is fine. It's very difficult to be sure that the user is invoking a login shell through 'toolbox run', and it's not what most users will be doing. https://github.com/containers/toolbox/issues/1076 --- src/cmd/run.go | 20 ++++++++++++++++---- test/system/104-run.bats | 15 +++++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/cmd/run.go b/src/cmd/run.go index 5ad7c30..83e6480 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go @@ -300,7 +300,12 @@ func runCommandWithFallbacks(container string, command []string, emitEscapeSeque workDir := workingDirectory for { - execArgs := constructExecArgs(container, command, detachKeysSupported, envOptions, workDir) + execArgs := constructExecArgs(container, + command, + detachKeysSupported, + envOptions, + fallbackToBash, + workDir) if emitEscapeSequence { fmt.Printf("\033]777;container;push;%s;toolbox;%s\033\\", container, currentUser.Uid) @@ -421,8 +426,14 @@ func callFlatpakSessionHelper(container string) error { return nil } -func constructCapShArgs(command []string) []string { - capShArgs := []string{"capsh", "--caps=", "--", "-c", "exec \"$@\"", "bash"} +func constructCapShArgs(command []string, useLoginShell bool) []string { + capShArgs := []string{"capsh", "--caps=", "--"} + + if useLoginShell { + capShArgs = append(capShArgs, []string{"--login"}...) + } + + capShArgs = append(capShArgs, []string{"-c", "exec \"$@\"", "bash"}...) capShArgs = append(capShArgs, command...) return capShArgs @@ -432,6 +443,7 @@ func constructExecArgs(container string, command []string, detachKeysSupported bool, envOptions []string, + fallbackToBash bool, workDir string) []string { var detachKeys []string @@ -470,7 +482,7 @@ func constructExecArgs(container string, container, }...) - capShArgs := constructCapShArgs(command) + capShArgs := constructCapShArgs(command, !fallbackToBash) execArgs = append(execArgs, capShArgs...) return execArgs diff --git a/test/system/104-run.bats b/test/system/104-run.bats index 41947af..b067bad 100644 --- a/test/system/104-run.bats +++ b/test/system/104-run.bats @@ -13,6 +13,21 @@ teardown() { cleanup_containers } +@test "run: Ensure that a login shell is used to invoke the command" { + create_default_container + + cp "$HOME"/.bash_profile "$HOME"/.bash_profile.orig + echo "echo \"~/.bash_profile read\"" >>"$HOME"/.bash_profile + + run $TOOLBOX run true + + mv "$HOME"/.bash_profile.orig "$HOME"/.bash_profile + + assert_success + assert_line --index 0 "~/.bash_profile read" + assert [ ${#lines[@]} -eq 1 ] +} + @test "run: Try to run a command in the default container with no containers created" { local default_container_name="$(get_system_id)-toolbox-$(get_system_version)"