From 5fb025824f630ac6770fe41ac28bf6fe79bfa893 Mon Sep 17 00:00:00 2001 From: Dave Tucker Date: Wed, 28 Jun 2017 17:10:24 +0100 Subject: [PATCH] getty: Make namespacing more obvious Warn the user in the MOTD Add "(ns: getty)" or "(ns: sshd)" to the PS1 Use `agetty` and `-a root` to ensure we get a login shell when insecure Signed-off-by: Dave Tucker --- pkg/getty/etc/motd | 5 ++++- pkg/getty/etc/profile.d/namespace.sh | 1 + pkg/getty/usr/bin/rungetty.sh | 4 ++-- pkg/sshd/etc/motd | 5 ++++- pkg/sshd/etc/profile.d/namespace.sh | 1 + 5 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 pkg/getty/etc/profile.d/namespace.sh create mode 100644 pkg/sshd/etc/profile.d/namespace.sh diff --git a/pkg/getty/etc/motd b/pkg/getty/etc/motd index 8132011ca..2414d0d94 100644 --- a/pkg/getty/etc/motd +++ b/pkg/getty/etc/motd @@ -1 +1,4 @@ -Welcome to LinuxKit +Welcome to LinuxKit! + +NOTE: This system is namespaced. +The namespace you are currently in may not be the root. diff --git a/pkg/getty/etc/profile.d/namespace.sh b/pkg/getty/etc/profile.d/namespace.sh new file mode 100644 index 000000000..db350f3fa --- /dev/null +++ b/pkg/getty/etc/profile.d/namespace.sh @@ -0,0 +1 @@ +export PS1="(ns: getty) $PS1" diff --git a/pkg/getty/usr/bin/rungetty.sh b/pkg/getty/usr/bin/rungetty.sh index 164554db9..454c0d6e3 100755 --- a/pkg/getty/usr/bin/rungetty.sh +++ b/pkg/getty/usr/bin/rungetty.sh @@ -31,14 +31,14 @@ start_getty() { # are we secure or insecure? loginargs= if [ "$INSECURE" == "true" ]; then - loginargs="-n -l /bin/sh" + loginargs="-a root" fi if ! grep -q -w "$tty" "$securetty"; then echo "$tty" >> "$securetty" fi # respawn forever - infinite_loop setsid.getty -w /sbin/getty $loginargs $line $speed $tty $term & + infinite_loop setsid.getty -w /sbin/agetty $loginargs $line $speed $tty $term & } # check if we have /etc/getty.shadow diff --git a/pkg/sshd/etc/motd b/pkg/sshd/etc/motd index 8132011ca..2414d0d94 100644 --- a/pkg/sshd/etc/motd +++ b/pkg/sshd/etc/motd @@ -1 +1,4 @@ -Welcome to LinuxKit +Welcome to LinuxKit! + +NOTE: This system is namespaced. +The namespace you are currently in may not be the root. diff --git a/pkg/sshd/etc/profile.d/namespace.sh b/pkg/sshd/etc/profile.d/namespace.sh new file mode 100644 index 000000000..45775ea08 --- /dev/null +++ b/pkg/sshd/etc/profile.d/namespace.sh @@ -0,0 +1 @@ +export PS1="(ns: sshd) $PS1"