[lxc-devel] [PATCH 1/1] lxc-user-nic: be more paranoid
Stéphane Graber
stgraber at ubuntu.com
Mon Aug 25 20:16:14 UTC 2014
On Mon, Aug 25, 2014 at 05:50:25PM +0000, Serge Hallyn wrote:
> Just setting path isn't enough. Clear the whole environment, and only set
> $PATH. It's all we need - ovs-vsctl is running fine this way.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/lxc_user_nic.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> index 145a35d..b2b5434 100644
> --- a/src/lxc/lxc_user_nic.c
> +++ b/src/lxc/lxc_user_nic.c
> @@ -590,7 +590,11 @@ int main(int argc, char *argv[])
> char *vethname = NULL;
> int pid;
>
> - /* set a sane path, because we are setuid-root */
> + /* set a sane env, because we are setuid-root */
> + if (clearenv() < 0) {
> + fprintf(stderr, "Failed to clear environment");
> + exit(1);
> + }
> if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
> fprintf(stderr, "Failed to set PATH, exiting\n");
> exit(1);
> --
> 2.1.0.rc1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140825/259d1a68/attachment.sig>
More information about the lxc-devel
mailing list