[lxc-devel] [PATCH] lxc-attach: Clear environment and set container=lxc
Christian Seiler
christian at iwakd.de
Thu Mar 28 14:56:27 UTC 2013
Hi again,
> - lxc-attach with shell
> clear env + container=lxc only
> when doing getent lookup logic,
> default PATH just for getent call
> BUT don't pass it to shell because it will
> probably read some defaults anyway
> - lxc-attach with program name
> clear env + container=lxc + default PATH (see below)
> - lxc-attach with only partial namespaces
> always set container=
> probably (?) keep env but set container=lxc
> (any process that setsid()s away drags baggage into the
> container anyway)
> - if -s MOUNT maybe sanitize PATH and LD_LIBRARY_PATH
> additionally (LD_LIBRARY_PATH empty, PATH to defaults
> below) but DON'T touch other variables
> - probably: add option to override defaults if wanted, i.e.
> on partial attach clean anyway
> or on full attach keep in anyway
> - probably: add option to set specific environment variables
> -v PATH=... -v LD_LIBRARY_PATH=...
> regardless of other options
> - other options should not make any difference
>
> Default PATH:
> /usr/local/bin:/usr/bin:/bin probably safe bet
> + .../sbin maybe if uid inside container is 0, also add those
>
> Thoughts?
In light of the fact that 0.9 is going to be here soon, any comments on
this?
-- Christian
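
Added example, not part of the original message or of the lxc code base: one reading of the quoted proposal as a C function that computes the environment handed to the attached process. The enum, the function name, treating `-s MOUNT` as a sub-case of partial attach, reading "LD_LIBRARY_PATH empty" as set-but-empty, and the concrete sbin directories are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define BIN_PATH  "/usr/local/bin:/usr/bin:/bin"
/* Assumption: ".../sbin" means the sbin twins of the three bin directories. */
#define SBIN_PATH ":/usr/local/sbin:/usr/sbin:/sbin"

enum attach_kind { ATTACH_SHELL, ATTACH_PROGRAM, ATTACH_PARTIAL, ATTACH_PARTIAL_MOUNT };

static int has_key(const char *entry, const char *key)
{
    size_t n = strlen(key);
    return strncmp(entry, key, n) == 0 && entry[n] == '=';
}

/* Fill out[] (NULL-terminated, cap slots) with the environment the proposal
 * describes; path_buf backs the PATH entry when one is set.
 * Returns the number of variables, or -1 if out[] or path_buf is too small. */
int build_attach_env(enum attach_kind kind, uid_t container_uid,
                     char *const host_env[], const char *out[], size_t cap,
                     char *path_buf, size_t path_len)
{
    size_t n = 0;
    int partial = (kind == ATTACH_PARTIAL || kind == ATTACH_PARTIAL_MOUNT);
    int set_path = (kind == ATTACH_PROGRAM || kind == ATTACH_PARTIAL_MOUNT);

    /* Partial attach keeps the caller's variables; full attach starts empty. */
    for (size_t i = 0; partial && host_env && host_env[i]; i++) {
        const char *e = host_env[i];
        if (has_key(e, "container"))
            continue;                  /* always replaced below */
        if (set_path && (has_key(e, "PATH") || has_key(e, "LD_LIBRARY_PATH")))
            continue;                  /* sanitized below, others untouched */
        if (n + 1 >= cap) return -1;
        out[n++] = e;
    }
    if (n + 4 > cap) return -1;        /* up to three more entries plus NULL */
    out[n++] = "container=lxc";
    if (set_path) {
        int w = snprintf(path_buf, path_len, "PATH=%s%s", BIN_PATH,
                         container_uid == 0 ? SBIN_PATH : "");
        if (w < 0 || (size_t)w >= path_len) return -1;
        out[n++] = path_buf;
    }
    if (kind == ATTACH_PARTIAL_MOUNT)
        out[n++] = "LD_LIBRARY_PATH=";
    out[n] = NULL;
    return (int)n;
}
```

The shell case deliberately carries no PATH, matching the proposal's point that the default PATH is only needed for the getent lookup and the shell reads its own defaults.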