Use new default-user-shell option instead of hard-coding bash in nspawn and user...

Defaults to /bin/bash, no changes in the default configuration

The fallback shell for non-root users is as-specified,
and the interactive shell for nspawn sessions is started as
  exec(default-user-shell, "-" + basename(default-user-shell), ...)
before falling through to bash and sh

diff --git a/meson.build b/meson.build
index 7babab13635dffbd008ce40e3b2734eed5eb714b..c6f205caf71682899b175840f58fee63a5ba6c14 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -760,6 +760,10 @@ conf.set('TIME_EPOCH', time_epoch)
 
 conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max'))
 
+default_user_shell = get_option('default-user-shell')
+conf.set_quoted('DEFAULT_USER_SHELL',      default_user_shell)
+conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell))
+
 foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1],  # Also see login.defs(5).
                  ['system-uid-max',       'SYS_UID_MAX', 999],
                  ['system-alloc-gid-min', 'SYS_GID_MIN', 1],

diff --git a/meson_options.txt b/meson_options.txt
index 27cfa9b697e0eec968f829162ed5169f5c2851c0..430b03d2b2748316742ace95ce2fd7324084e020 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -220,6 +220,8 @@ option('time-epoch', type : 'integer', value : '-1',
        description : 'time epoch for time clients')
 option('clock-valid-range-usec-max', type : 'integer', value : '473364000000000', # 15 years
        description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error')
+option('default-user-shell', type : 'string', value : '/bin/bash',
+       description : 'default interactive shell')
 
 option('system-alloc-uid-min', type : 'integer', value : '-1',
        description : 'minimum system UID used when allocating')

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e4c46866a072eee4a2dc7afccfef11c49aaa5ff0..aa7367c5c93439a3d9693ee2f7185b55e34c1227 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3550,10 +3550,13 @@ static int inner_child(
                         /* If we cannot change the directory, we'll end up in /, that is expected. */
                         (void) chdir(home ?: "/root");
 
-                execle("/bin/bash", "-bash", NULL, env_use);
-                execle("/bin/sh", "-sh", NULL, env_use);
+                execle(DEFAULT_USER_SHELL, "-" DEFAULT_USER_SHELL_NAME, NULL, env_use);
+                if (!streq(DEFAULT_USER_SHELL, "/bin/bash"))
+                        execle("/bin/bash", "-bash", NULL, env_use);
+                if (!streq(DEFAULT_USER_SHELL, "/bin/sh"))
+                        execle("/bin/sh", "-sh", NULL, env_use);
 
-                exec_target = "/bin/bash, /bin/sh";
+                exec_target = DEFAULT_USER_SHELL ", /bin/bash, /bin/sh";
         }
 
         return log_error_errno(errno, "execv(%s) failed: %m", exec_target);

diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index 5b406d1f42ca8deba27fc508d44ba2d29d8fccba..7c1c2cd99221dbb21a2f61e0b34f50d6c349cefc 100644 (file)
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -1747,7 +1747,7 @@ const char *user_record_shell(UserRecord *h) {
                 return "/bin/sh";
 
         if (user_record_disposition(h) == USER_REGULAR)
-                return "/bin/bash";
+                return DEFAULT_USER_SHELL;
 
         return NOLOGIN;
 }