[lxc-devel] [PATCH] lxc-attach: Clear environment and set container=lxc
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Mar 28 15:02:33 UTC 2013
Quoting Christian Seiler (christian at iwakd.de):
> Hi again,
>
> > - lxc-attach with shell
> >     clear env + container=lxc only
> >     when doing getent lookup logic,
> >     default PATH just for getent call
> >     BUT don't pass it to shell because it will
> >     probably read some defaults anyway
> > - lxc-attach with program name
> >     clear env + container=lxc + default PATH (see below)
> > - lxc-attach with only partial namespaces
> >     always set container=
> >     probably (?) keep env but set container=lxc
> >     (any process that setsid()s away drags baggage into the
> >     container anyway)
> > - if -s MOUNT maybe sanitize PATH and LD_LIBRARY_PATH
> >     additionally (LD_LIBRARY_PATH empty, PATH to defaults
> >     below) but DON'T touch other variables
> > - probably: add option to override defaults if wanted, i.e.
> >     on partial attach clean anyway
> >     or on full attach keep in anyway
> > - probably: add option to set specific environment variables
> >     -v PATH=... -v LD_LIBRARY_PATH=...
> >     regardless of other options
> > - other options should not make any difference
> >
> > Default PATH:
> >     /usr/local/bin:/usr/bin:/bin probably safe bet
> >     + .../sbin maybe if uid inside container is 0, also add those
> >
> > Thoughts?
>
> In light of the fact that 0.9 is going to be here soon, any comments on
> this?

Sorry, I was waiting to see if anyone else would comment. Note this
kind of change is not going to be non-trivial, so it's definitely (imo)
1.0 material.

Your list seems to make sense. We might want to do the same thing
for lxc-execute (using common code to set up the environment).

-serge
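
The environment policy in the quoted list, as an added example that is not part of the original messages and is not lxc code. The function and enum names, the unset-for-"empty" choice, and the exact sbin entries for uid 0 are assumptions; the getent lookup and the proposed override options are left out.

```c
/* Added illustration, not lxc source. All names here are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for clearenv() and setenv() on glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

enum attach_mode {
    ATTACH_SHELL,    /* full attach, no command: the user's shell is started */
    ATTACH_PROGRAM,  /* full attach, explicit program name */
    ATTACH_PARTIAL   /* only some namespaces are entered */
};

/* Default PATH from the proposal. */
#define DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin"
/* Assumption: which sbin directories are added for uid 0, and their order. */
#define ROOT_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

/* Apply the policy to the calling process before exec; 0 on success, -1 on error. */
int sanitize_attach_env(enum attach_mode mode, int mount_ns, uid_t uid_inside)
{
    const char *path = (uid_inside == 0) ? ROOT_PATH : DEFAULT_PATH;
    if (mode != ATTACH_PARTIAL) {
        /* Full attach: nothing from the host environment survives. */
        if (clearenv() != 0)
            return -1;
        /* A shell gets no PATH: it reads its own defaults in the container. */
        if (mode == ATTACH_PROGRAM && setenv("PATH", path, 1) != 0)
            return -1;
    } else if (mount_ns) {
        /* Partial attach with the mount namespace: reset only the two search
         * paths. Assumption: "empty" LD_LIBRARY_PATH is implemented as unset. */
        if (unsetenv("LD_LIBRARY_PATH") != 0 || setenv("PATH", path, 1) != 0)
            return -1;
    }
    /* container=lxc is set in every case. */
    return setenv("container", "lxc", 1);
}

int main(void)
{
    setenv("LD_PRELOAD", "/tmp/constructed.so", 1); /* constructed host value */
    if (sanitize_attach_env(ATTACH_PROGRAM, 1, 0) != 0)
        return 1;
    printf("PATH=%s\n", getenv("PATH"));
    return 0;
}
```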