From 53350c7bbade8c5f357aa3d1029ef9b2208ea675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Thu, 24 Mar 2022 17:15:39 +0100 Subject: [PATCH] Use new default-user-shell option instead of hard-coding bash in nspawn and user-record Defaults to /bin/bash, no changes in the default configuration The fallback shell for non-root users is as-specified, and the interactive shell for nspawn sessions is started as exec(default-user-shell, "-" + basename(default-user-shell), ...) before falling through to bash and sh --- meson.build | 4 ++++ meson_options.txt | 2 ++ src/nspawn/nspawn.c | 9 ++++++--- src/shared/user-record.c | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/meson.build b/meson.build index 7babab13635..c6f205caf71 100644 --- a/meson.build +++ b/meson.build @@ -760,6 +760,10 @@ conf.set('TIME_EPOCH', time_epoch) conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max')) +default_user_shell = get_option('default-user-shell') +conf.set_quoted('DEFAULT_USER_SHELL', default_user_shell) +conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell)) + foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1], # Also see login.defs(5). ['system-uid-max', 'SYS_UID_MAX', 999], ['system-alloc-gid-min', 'SYS_GID_MIN', 1], diff --git a/meson_options.txt b/meson_options.txt index 27cfa9b697e..430b03d2b27 100644 --- a/meson_options.txt +++ b/meson_options.txt 
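Review bot: `default-user-shell` is copied into `DEFAULT_USER_SHELL` in the meson.build hunk with no check that it is an absolute path, yet the same string is passed to `execle()` in the src/nspawn/nspawn.c hunk and returned as the fallback login shell in the src/shared/user-record.c hunk. `execle()` does not search PATH, so a value without a leading slash would be resolved against the current directory, which in inner_child is the home directory just entered by `chdir(home ?: "/root")`. I would reject such values at configure time, right after the `get_option()` call: `if not default_user_shell.startswith('/')`, `error('default-user-shell must be an absolute path')`, `endif`. That check also rejects an empty value. The option description in meson_options.txt could say 'absolute path of the default interactive shell' so packagers see the requirement.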
@@ -220,6 +220,8 @@ option('time-epoch', type : 'integer', value : '-1', description : 'time epoch for time clients') option('clock-valid-range-usec-max', type : 'integer', value : '473364000000000', # 15 years description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error') +option('default-user-shell', type : 'string', value : '/bin/bash', + description : 'default interactive shell') option('system-alloc-uid-min', type : 'integer', value : '-1', description : 'minimum system UID used when allocating') diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index e4c46866a07..aa7367c5c93 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3550,10 +3550,13 @@ static int inner_child( /* If we cannot change the directory, we'll end up in /, that is expected. */ (void) chdir(home ?: "/root"); - execle("/bin/bash", "-bash", NULL, env_use); - execle("/bin/sh", "-sh", NULL, env_use); + execle(DEFAULT_USER_SHELL, "-" DEFAULT_USER_SHELL_NAME, NULL, env_use); + if (!streq(DEFAULT_USER_SHELL, "/bin/bash")) + execle("/bin/bash", "-bash", NULL, env_use); + if (!streq(DEFAULT_USER_SHELL, "/bin/sh")) + execle("/bin/sh", "-sh", NULL, env_use); - exec_target = "/bin/bash, /bin/sh"; + exec_target = DEFAULT_USER_SHELL ", /bin/bash, /bin/sh"; } return log_error_errno(errno, "execv(%s) failed: %m", exec_target); diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 5b406d1f42c..7c1c2cd9922 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -1747,7 +1747,7 @@ const char *user_record_shell(UserRecord *h) { return "/bin/sh"; if (user_record_disposition(h) == USER_REGULAR) - return "/bin/bash"; + return DEFAULT_USER_SHELL; return NOLOGIN; }
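Review bot: When `execle(DEFAULT_USER_SHELL, ...)` fails in the src/nspawn/nspawn.c hunk, execution moves on to /bin/bash and /bin/sh without recording why, so a container that lacks the configured shell silently gets a different one. If all attempts fail, the `errno` reported by `log_error_errno()` belongs only to the last attempt, although `exec_target` names all three. Where a build deliberately selected a more limited shell, that silent substitution should be visible; adding `log_debug_errno(errno, "Failed to execute " DEFAULT_USER_SHELL ", trying fallbacks: %m");` directly after the first `execle()` would surface it. The two `streq()` guards compare compile-time constants, so a comment such as `/* skip a fallback that is identical to the configured shell */` would explain them. inner_child's body starts and ends outside the hunk, so the surrounding logging setup is assumed rather than verified here.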