diff options
Diffstat (limited to 'jail/jail.c')
-rw-r--r-- | jail/jail.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/jail/jail.c b/jail/jail.c index 3f42bcb..6e9306d 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -69,7 +69,7 @@ #endif #define STACK_SIZE (1024 * 1024) -#define OPT_ARGS "cC:d:EfFG:h:ij:J:ln:NoO:pP:r:R:sS:uU:w:T:y" +#define OPT_ARGS "cC:d:e:EfFG:h:ij:J:ln:NoO:pP:r:R:sS:uU:w:T:y" #define OCI_VERSION_STRING "1.0.2" @@ -980,6 +980,7 @@ static void usage(void) fprintf(stderr, " -C <file>\tcapabilities drop config\n"); fprintf(stderr, " -c\t\tset PR_SET_NO_NEW_PRIVS\n"); fprintf(stderr, " -n <name>\tthe name of the jail\n"); + fprintf(stderr, " -e <var>\timport environment variable\n"); fprintf(stderr, "namespace jail options:\n"); fprintf(stderr, " -h <hostname>\tchange the hostname of the jail\n"); fprintf(stderr, " -N\t\tjail has network namespace\n"); @@ -2541,6 +2542,12 @@ static int pidns_fd; static int timens_fd; #endif static void post_create_runtime(void); + +struct env_e { + struct list_head list; + char *envarg; +}; + int main(int argc, char **argv) { uid_t uid = getuid(); @@ -2549,6 +2556,9 @@ int main(int argc, char **argv) int ret = EXIT_FAILURE; int ch; char *tmp; + struct list_head envl = LIST_HEAD_INIT(envl); + struct env_e *enve, *tmpenve; + unsigned short int envn = 0, envc = 0; if (uid) { ERROR("not root, aborting: %m\n"); @@ -2578,6 +2588,11 @@ int main(int argc, char **argv) case 'd': debug = atoi(optarg); break; + case 'e': + enve = calloc(1, sizeof(*enve)); + enve->envarg = optarg; + list_add_tail(&enve->list, &envl); + break; case 'p': opts.namespace |= CLONE_NEWNS; opts.procfs = 1; @@ -2684,6 +2699,34 @@ int main(int argc, char **argv) opts.namespace |= CLONE_NEWIPC | CLONE_NEWPID; /* + * env import from cmdline is not available for OCI containers + */ + if (opts.ocibundle && !list_empty(&envl)) { + ret=-ENOTSUP; + goto errout; + } + + /* + * prepare list of env variables to import for slim containers + */ + if (!list_empty(&envl)) { + list_for_each_entry(enve, &envl, list) + ++envn; + + opts.envp = calloc(1 + envn, sizeof(char*)); + list_for_each_entry_safe(enve, tmpenve, &envl, list) { + tmp = getenv(enve->envarg); + if (tmp) + asprintf(&opts.envp[envc++], "%s=%s", enve->envarg, tmp); + + list_del(&enve->list); + free(enve); + } + + opts.envp[envc] = NULL; + } + + /* * uid in parent user namespace representing root user in new * user namespace, defaults to nobody unless specified in uidMappings */ |