rootless: fix reexec to use /proc/self/exe

Under some circumstances podman might be executed with a different argv0
than the actual path to the podman binary. This breaks the reexec logic
as it tried to exec argv0 which failed.

This is visible when using podmansh as login shell which get's the
special -podmansh on argv0 to signal the shell it is a login shell.

To fix this we can simply use /proc/self/exe as command path which is
much more robust and the argv array is still passed correctly.

Fixes #22672

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

pkg/rootless/rootless_linux.c

@@ -922,8 +922,8 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path)
       _exit (EXIT_FAILURE);
     }
 
-  execvp (argv[0], argv);
+  execvp ("/proc/self/exe", argv);
-  fprintf (stderr, "failed to execvp %s: %m\n", argv[0]);
+  fprintf (stderr, "failed to reexec: %m\n");
 
   _exit (EXIT_FAILURE);
 }
@@ -1145,7 +1145,8 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
       _exit (ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
     }
 
-  execvp (argv[0], argv);
+  execvp ("/proc/self/exe", argv);
+  fprintf (stderr, "failed to reexec: %m\n");
 
   _exit (EXIT_FAILURE);
 }

test/system/550-pause-process.bats

@@ -94,7 +94,9 @@ function _check_pause_process() {
     run_podman system migrate
 
     # We're forced to use $PODMAN because run_podman cannot be backgrounded
-    $PODMAN run -i --name c_run $IMAGE sh -c "$SLEEPLOOP" &
+    # Also special logic to set a different argv0 to make sure the reexec still works:
+    # https://github.com/containers/podman/issues/22672
+    bash -c "exec -a argv0-podman $PODMAN run -i --name c_run $IMAGE sh -c '$SLEEPLOOP'" &
     local kidpid=$!
 
     _test_sigproxy c_run $kidpid