diff options
| author | Simon McVittie <smcv@collabora.com> | 2021-01-12 10:45:14 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2021-06-22 17:57:35 +0100 |
| commit | 8f72ceb2c42a2d93c858b8775a88f13b891c8120 (patch) | |
| tree | 81c8ae935c6f1abca98607f806280ffb8b1d0f35 | |
| parent | 90c8cd49f7540cff4b29deb3b78903b855faa07d (diff) | |
| download | bubblewrap-8f72ceb2c42a2d93c858b8775a88f13b891c8120.tar.gz | |
Add --clearenv option
This allows environment variables to be set when running bwrap itself
(perhaps a custom LD_LIBRARY_PATH), but cleared for the command that
runs in the container, without having to enumerate all the variables.
Because PWD is set later, as a side-effect of changing directory, this
actually clears everything except PWD.
A portable program would check for clearenv() (and if not found, fall
back to using environ = NULL), but bubblewrap is Linux-specific, and
Linux C libraries (at least glibc and musl) do have clearenv().
Signed-off-by: Simon McVittie <smcv@collabora.com>
| -rw-r--r-- | bubblewrap.c | 5 | ||||
| -rwxr-xr-x | tests/test-run.sh | 3 | ||||
| -rw-r--r-- | utils.c | 7 | ||||
| -rw-r--r-- | utils.h | 1 |
4 files changed, 16 insertions, 0 deletions
diff --git a/bubblewrap.c b/bubblewrap.c index 6b91f22..b5b86ee 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -244,6 +244,7 @@ usage (int ecode, FILE *out) " --gid GID Custom gid in the sandbox (requires --unshare-user or --userns)\n" " --hostname NAME Custom hostname in the sandbox (requires --unshare-uts)\n" " --chdir DIR Change directory to DIR\n" + " --clearenv Unset all environment variables\n" " --setenv VAR VALUE Set an environment variable\n" " --unsetenv VAR Unset an environment variable\n" " --lock-file DEST Take a lock on DEST while sandbox is running\n" @@ -2084,6 +2085,10 @@ parse_args_recurse (int *argcp, argv += 1; argc -= 1; } + else if (strcmp (arg, "--clearenv") == 0) + { + xclearenv (); + } else if (strcmp (arg, "--setenv") == 0) { if (argc < 3) diff --git a/tests/test-run.sh b/tests/test-run.sh index 5ba65f7..426eeca 100755 --- a/tests/test-run.sh +++ b/tests/test-run.sh @@ -538,6 +538,9 @@ assert_file_has_content stdout barbaz FOO=wrong BAR=baz $RUN --unsetenv FOO sh -c 'printf "%s%s" "$FOO" "$BAR"' > stdout printf baz > reference assert_files_equal stdout reference +FOO=wrong BAR=wrong $RUN --clearenv /usr/bin/env > stdout +echo "PWD=$(pwd -P)" > reference +assert_files_equal stdout reference echo "ok - environment manipulation" echo "ok - End of test" @@ -231,6 +231,13 @@ has_prefix (const char *str, } void +xclearenv (void) +{ + if (clearenv () != 0) + die_with_error ("clearenv failed"); +} + +void xsetenv (const char *name, const char *value, int overwrite) { if (setenv (name, value, overwrite)) @@ -62,6 +62,7 @@ void *xrealloc (void *ptr, size_t size); char *xstrdup (const char *str); void strfreev (char **str_array); +void xclearenv (void); void xsetenv (const char *name, const char *value, int overwrite); |