[lxc-devel] [PATCH] lxc-attach: Clear environment and set container=lxc
Christian Seiler
christian at iwakd.de
Tue Mar 26 18:18:55 UTC 2013
Hi,

> It doesn't come across as negative - it comes across as suggesting
> we need a list or matrix of use cases and to decide what to do in
> each case.

Ok, then I might want to start with some ideas thrown in:

- lxc-attach with shell
    clear env + container=lxc only
    when doing getent lookup logic,
    default PATH just for getent call
    BUT don't pass it to shell because it will
    probably read some defaults anyway
- lxc-attach with program name
    clear env + container=lxc + default PATH (see below)
- lxc-attach with only partial namespaces
    always set container=
    probably (?) keep env but set container=lxc
    (any process that setsid()s away drags baggage into the
    container anyway)
- if -s MOUNT maybe sanitize PATH and LD_LIBRARY_PATH
    additionally (LD_LIBRARY_PATH empty, PATH to defaults
    below) but DON'T touch other variables
- probably: add option to override defaults if wanted, i.e.
    on partial attach clean anyway
    or on full attach keep in anyway
- probably: add option to set specific environment variables
    -v PATH=... -v LD_LIBRARY_PATH=...
    regardless of other options
- other options should not make any difference

Default PATH:
    /usr/local/bin:/usr/bin:/bin probably safe bet
    + .../sbin maybe if uid inside container
    is 0, also add those

Thoughts?
-- Christian
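
The use-case matrix proposed in this message, written out as an added C example (not part of the original mail and not lxc's own code). The names `attach_kind` and `build_attach_env` are hypothetical; it assumes "LD_LIBRARY_PATH empty" means the variable is dropped and that the sbin directories are placed first when the uid inside the container is 0.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum attach_kind { ATTACH_SHELL, ATTACH_PROGRAM, ATTACH_PARTIAL };
#define USER_PATH "/usr/local/bin:/usr/bin:/bin"
/* Assumption: sbin directories go first for uid 0; the mail leaves the order open. */
#define ROOT_PATH "/usr/local/sbin:/usr/sbin:/sbin:" USER_PATH

static int is_var(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Returns a calloc'd NULL-terminated array; entries borrow host_env or literals. */
char **build_attach_env(enum attach_kind kind, int mount_ns, int uid_zero,
                        char *const *host_env)
{
    size_t count = 0, i = 0;
    char *path = uid_zero ? "PATH=" ROOT_PATH : "PATH=" USER_PATH;
    for (char *const *e = host_env; e && *e; e++)
        count++;
    char **out = calloc(count + 3, sizeof(*out)); /* room for PATH, container=, NULL */
    if (!out)
        return NULL;
    if (kind == ATTACH_PARTIAL) {            /* keep env, but always reset container= */
        for (char *const *e = host_env; e && *e; e++) {
            int risky = is_var(*e, "PATH") || is_var(*e, "LD_LIBRARY_PATH");
            if (!is_var(*e, "container") && !(mount_ns && risky))
                out[i++] = *e;               /* -s MOUNT drops only those two */
        }
    }
    if (kind == ATTACH_PROGRAM || (kind == ATTACH_PARTIAL && mount_ns))
        out[i++] = path;                     /* shell attach gets no PATH */
    out[i++] = "container=lxc";
    return out;
}

int main(void)
{
    char *host[] = { "PATH=/opt/host/bin", "LD_LIBRARY_PATH=/opt/host/lib",
                     "container=other", "HOME=/root", NULL }; /* constructed sample */
    char **env = build_attach_env(ATTACH_PARTIAL, 1, 0, host);
    for (char **e = env; e && *e; e++)
        puts(*e);
    free(env);
    return 0;
}
```

The result is suitable as the `envp` argument of `execve()`; the proposed `-v NAME=value` overrides would be applied to the array afterwards.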