[lxc-devel] [PATCH 1/1] lxc-user-nic: be more paranoid
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Aug 25 17:50:25 UTC 2014
Just setting path isn't enough. Clear the whole environment, and only set
$PATH. It's all we need - ovs-vsctl is running fine this way.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/lxc_user_nic.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 145a35d..b2b5434 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -590,7 +590,11 @@ int main(int argc, char *argv[])
char *vethname = NULL;
int pid;
- /* set a sane path, because we are setuid-root */
+ /* set a sane env, because we are setuid-root */
+ if (clearenv() < 0) {
+ fprintf(stderr, "Failed to clear environment");
+ exit(1);
+ }
if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
fprintf(stderr, "Failed to set PATH, exiting\n");
exit(1);
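Review bot: the new check "if (clearenv() < 0)" only catches a negative return, but clearenv() is documented to return zero on success and a nonzero value on failure, so a positive error return would be missed and this setuid-root program would carry on with the caller's environment intact. Test against zero instead, e.g. "if (clearenv() != 0)". Also, the added message "Failed to clear environment" has no trailing "\n", unlike the "Failed to set PATH, exiting\n" message just below it; add the newline (and ", exiting" if you want the two to match).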
--
2.1.0.rc1