[lxc-devel] [PATCH 2/2] lxc-attach: Implement --clear-env and --keep-env

Ward, David - 0663 - MITLL david.ward at ll.mit.edu
Mon Apr 1 17:30:20 UTC 2013 

On 03/30/2013 10:45 AM, Christian Seiler wrote:
> This patch introduces the --clear-env and --keep-env options for
> lxc-attach, that allows the user to specify whether the environment
> should be passed on inside the container or not.
>
> This is to be expanded upon in later versions, this patch only
> introduces the most basic functionality.
>
> Signed-off-by: Christian Seiler <christian-+GPkE3DhqnY at public.gmane.org>

The original intent of my earlier patch was to avoid different default 
behavior between lxc-execute and lxc-attach.  That no longer holds.  Can 
we apply these same changes below to lxc-execute please?

David


> ---
>   doc/lxc-attach.sgml.in |   33 +++++++++++++++++++++++++++++++++
>   src/lxc/attach.c       |   23 +++++++++++++++++++----
>   src/lxc/attach.h       |    7 ++++++-
>   src/lxc/lxc_attach.c   |   22 ++++++++++++++++++++--
>   4 files changed, 78 insertions(+), 7 deletions(-)
>
> diff --git a/doc/lxc-attach.sgml.in b/doc/lxc-attach.sgml.in
> index 36e1f70..a3bdb44 100644
> --- a/doc/lxc-attach.sgml.in
> +++ b/doc/lxc-attach.sgml.in
> @@ -54,6 +54,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>         <arg choice="opt">-e</arg>
>         <arg choice="opt">-s <replaceable>namespaces</replaceable></arg>
>         <arg choice="opt">-R</arg>
> +      <arg choice="opt">--keep-env</arg>
> +      <arg choice="opt">--clear-env</arg>
>         <arg choice="opt">-- <replaceable>command</replaceable></arg>
>       </cmdsynopsis>
>     </refsynopsisdiv>
> @@ -173,6 +175,37 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>   	</listitem>
>         </varlistentry>
>
> +      <varlistentry>
> +	<term>
> +	  <option>--keep-env</option>
> +	</term>
> +	<listitem>
> +	  <para>
> +	    Keep the current environment for attached programs. This is
> +	    the current default behaviour (as of version 0.9), but is
> +	    is likely to change in the future, since this may leak
> +	    undesirable information into the container. If you rely on
> +	    the environment being available for the attached program,
> +	    please use this option to be future-proof. In addition to
> +	    current environment variables, container=lxc will be set.
> +	  </para>
> +	</listitem>
> +      </varlistentry>
> +
> +      <varlistentry>
> +	<term>
> +	  <option>--clear-env</option>
> +	</term>
> +	<listitem>
> +	  <para>
> +	    Clear the environment before attaching, so no undesired
> +	    environment variables leak into the container. The variable
> +	    container=lxc will be the only environment with which the
> +	    attached program starts.
> +	  </para>
> +	</listitem>
> +      </varlistentry>
> +
>        </variablelist>
>
>     </refsect1>
> diff --git a/src/lxc/attach.c b/src/lxc/attach.c
> index 12adadb..5b3ee4f 100644
> --- a/src/lxc/attach.c
> +++ b/src/lxc/attach.c
> @@ -277,11 +277,26 @@ int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
>   	return 0;
>   }
>
> -int lxc_attach_set_environment()
> +int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep)
>   {
> -	if (clearenv()) {
> -		SYSERROR("failed to clear environment");
> -		/* don't error out though */
> +	/* TODO: implement extra_env, extra_keep
> +	 * Rationale:
> +	 *  - extra_env is an array of strings of the form
> +	 *    "VAR=VALUE", which are to be set (after clearing or not,
> +	 *    depending on the value of the policy variable)
> +	 *  - extra_keep is an array of strings of the form
> +	 *    "VAR", which are extra environment variables to be kept
> +	 *    around after clearing (if that is done, otherwise, the
> +	 *    remain anyway)
> +	 */
> +	(void) extra_env;
> +	(void) extra_keep;
> +
> +	if (policy == LXC_ATTACH_CLEAR_ENV) {
> +		if (clearenv()) {
> +			SYSERROR("failed to clear environment");
> +			/* don't error out though */
> +		}
>   	}
>
>   	if (putenv("container=lxc")) {
> diff --git a/src/lxc/attach.h b/src/lxc/attach.h
> index 404ff4c..151445a 100644
> --- a/src/lxc/attach.h
> +++ b/src/lxc/attach.h
> @@ -34,10 +34,15 @@ struct lxc_proc_context_info {
>
>   extern struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid);
>
> +typedef enum lxc_attach_env_policy_t {
> +	LXC_ATTACH_KEEP_ENV,
> +	LXC_ATTACH_CLEAR_ENV
> +} lxc_attach_env_policy_t;
> +
>   extern int lxc_attach_to_ns(pid_t other_pid, int which);
>   extern int lxc_attach_remount_sys_proc();
>   extern int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx);
> -extern int lxc_attach_set_environment();
> +extern int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep);
>
>   extern char *lxc_attach_getpwshell(uid_t uid);
>
> diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
> index 7fd76ee..77039fb 100644
> --- a/src/lxc/lxc_attach.c
> +++ b/src/lxc/lxc_attach.c
> @@ -55,6 +55,9 @@ static const struct option my_longopts[] = {
>   	{"arch", required_argument, 0, 'a'},
>   	{"namespaces", required_argument, 0, 's'},
>   	{"remount-sys-proc", no_argument, 0, 'R'},
> +	/* TODO: decide upon short option names */
> +	{"clear-env", no_argument, 0, 500},
> +	{"keep-env", no_argument, 0, 501},
>   	LXC_COMMON_OPTIONS
>   };
>
> @@ -62,6 +65,7 @@ static int elevated_privileges = 0;
>   static signed long new_personality = -1;
>   static int namespace_flags = -1;
>   static int remount_sys_proc = 0;
> +static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
>
>   static int my_parser(struct lxc_arguments* args, int c, char* arg)
>   {
> @@ -85,6 +89,12 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
>   		/* -s implies -e */
>   		elevated_privileges = 1;
>   		break;
> +        case 500: /* clear-env */
> +                env_policy = LXC_ATTACH_CLEAR_ENV;
> +                break;
> +        case 501: /* keep-env */
> +                env_policy = LXC_ATTACH_KEEP_ENV;
> +                break;
>   	}
>
>   	return 0;
> @@ -116,7 +126,15 @@ Options :\n\
>                       Remount /sys and /proc if not attaching to the\n\
>                       mount namespace when using -s in order to properly\n\
>                       reflect the correct namespace context. See the\n\
> -                    lxc-attach(1) manual page for details.\n",
> +                    lxc-attach(1) manual page for details.\n\
> +      --clear-env\n\
> +                    Clear all environment variables before attaching.\n\
> +                    The attached shell/program will start with only\n\
> +                    container=lxc set.\n\
> +      --keep-env\n\
> +                    Keep all current enivornment variables. This\n\
> +                    is the current default behaviour, but is likely to\n\
> +                    change in the future.\n",
>   	.options  = my_longopts,
>   	.parser   = my_parser,
>   	.checker  = NULL,
> @@ -411,7 +429,7 @@ int main(int argc, char *argv[])
>   			return -1;
>   		}
>
> -		if (lxc_attach_set_environment()) {
> +		if (lxc_attach_set_environment(env_policy, NULL, NULL)) {
>   			ERROR("could not set environment");
>   			return -1;
>   		}
>


-- 
David Ward, Associate Staff
Wideband Tactical Networking Group
MIT Lincoln Laboratory
Office: 781-981-4266
Mobile: 781-999-1925
Fax: 781-981-4583

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4571 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130401/d0e2774d/attachment.bin>

More information about the lxc-devel mailing list