Merge pull request lxc#2172 from stgraber/main

hallyn · web-flow · commit fa40153a6292 · 2025-06-03T23:49:00.000-05:00
incusd/instance/lxc: Tweak OCI entrypoint escaping
diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go
@@ -2367,15 +2367,22 @@ func (d *lxc) startCommon() (string, []func() error, error) {
 			}
 		}
 
+		// Compute the entrypoint string.
+		initCmd := shellquote.Join(entrypoint...)
+
+		// As we feed this to execve and not to a real shell, un-escape some sequences.
+		initCmd = strings.ReplaceAll(initCmd, "\\(", "(")
+		initCmd = strings.ReplaceAll(initCmd, "\\)", ")")
+
 		if len(entrypoint) > 0 && slices.Contains([]string{"/init", "/sbin/init", "/s6-init"}, entrypoint[0]) {
 			// For regular init systems, call them directly as PID1.
-			err = lxcSetConfigItem(cc, "lxc.init.cmd", shellquote.Join(entrypoint...))
+			err = lxcSetConfigItem(cc, "lxc.init.cmd", initCmd)
 			if err != nil {
 				return "", nil, err
 			}
 		} else {
 			// For anything else, run them under our own PID1.
-			err = lxcSetConfigItem(cc, "lxc.execute.cmd", shellquote.Join(entrypoint...))
+			err = lxcSetConfigItem(cc, "lxc.execute.cmd", initCmd)
 			if err != nil {
 				return "", nil, err
 			}

Original file line number	Diff line number	Diff line change
`@@ -2367,15 +2367,22 @@ func (d *lxc) startCommon() (string, []func() error, error) {`
`2367`	`2367`	`}`
`2368`	`2368`	`}`
`2369`	`2369`
	`2370`	`+ // Compute the entrypoint string.`
	`2371`	`+ initCmd := shellquote.Join(entrypoint...)`
	`2372`	`+`
	`2373`	`+ // As we feed this to execve and not to a real shell, un-escape some sequences.`
	`2374`	`+ initCmd = strings.ReplaceAll(initCmd, "\\(", "(")`
	`2375`	`+ initCmd = strings.ReplaceAll(initCmd, "\\)", ")")`
	`2376`	`+`
`2370`	`2377`	`if len(entrypoint) > 0 && slices.Contains([]string{"/init", "/sbin/init", "/s6-init"}, entrypoint[0]) {`
`2371`	`2378`	`// For regular init systems, call them directly as PID1.`
`2372`		`- err = lxcSetConfigItem(cc, "lxc.init.cmd", shellquote.Join(entrypoint...))`
	`2379`	`+ err = lxcSetConfigItem(cc, "lxc.init.cmd", initCmd)`
`2373`	`2380`	`if err != nil {`
`2374`	`2381`	`return "", nil, err`
`2375`	`2382`	`}`
`2376`	`2383`	`} else {`
`2377`	`2384`	`// For anything else, run them under our own PID1.`
`2378`		`- err = lxcSetConfigItem(cc, "lxc.execute.cmd", shellquote.Join(entrypoint...))`
	`2385`	`+ err = lxcSetConfigItem(cc, "lxc.execute.cmd", initCmd)`
`2379`	`2386`	`if err != nil {`
`2380`	`2387`	`return "", nil, err`
`2381`	`2388`	`}`