Restore pvebash

From Proxmox VE

Introduction

The /usr/bin/pvebash script enables one to chroot into stopped and mounted containers. It was removed in pve-manager v1.8.17 stating that it was a security risk. In order to restore this functionality we need to restore the script and alter the perl module that invokes it.

Contents of /usr/bin/pvebash

#!/bin/sh
 
export PS1="VM$1 $2:\\w\\\$ ";
umask 022
 
exec /usr/sbin/chroot /var/lib/vz/$2/$1 /bin/bash --norc
exec /usr/sbin/chroot /var/lib/vz/$2/$1 /bin/sh --norc

Line 1102 in /usr/share/perl5/PVE/ConfigServer.pm

     $vzcmd = [  '/usr/sbin/vzctl', 'enter', $veid ];

should be replaced with

     if ($status eq  'running') {
  $vzcmd = [ '/usr/sbin/vzctl', 'enter', $veid ];
     }  elsif ($status eq 'mounted') {
  $vzcmd = [ "/usr/bin/pvebash", $veid,  'root'];
     } else {
  $vzcmd = [ "/usr/bin/pvebash", $veid,  'private'];
     }

The files are available here.

Usage

This command has not been very well publicised and it can be used to chroot into a stopped or mounted container with:

/usr/bin/pvebash #VEID private

and

/usr/bin/pvebash #VEID root

respectively.

No rc startup scripts will be run in these cases.