[lxc-devel] [lxc/master] start: set environment variables correctly

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170913/5bff23c0/attachment.bin>
-------------- next part --------------
From 149857af109151d8a073a59d34225afb991a5989 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 13 Sep 2017 04:01:41 +0200
Subject: [PATCH] start: set environment variables correctly

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/start.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 2186c7530..ae59c6711 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -913,16 +913,10 @@ static int do_start(void *data)
 		INFO("Unshared CLONE_NEWCGROUP.");
 	}
 
-	/* The clearenv() and putenv() calls have been moved here to allow us to
-	 * use environment variables passed to the various hooks, such as the
-	 * start hook above. Not all of the variables like CONFIG_PATH or ROOTFS
-	 * are valid in this context but others are.
+	/* Add the requested environment variables to the current environment to
+	 * allow them to be used by the various hooks, such as the start hook
+	 * above.
 	 */
-	if (clearenv()) {
-		SYSERROR("Failed to clear environment.");
-		/* Don't error out though. */
-	}
-
 	lxc_list_for_each(iterator, &handler->conf->environment) {
 		if (putenv((char *)iterator->elem)) {
 			SYSERROR("Failed to set environment variable: %s.", (char *)iterator->elem);
@@ -1005,6 +999,21 @@ static int do_start(void *data)
 	if (lxc_sync_barrier_parent(handler, LXC_SYNC_CGROUP_LIMITS))
 		goto out_warn_father;
 
+	/* Reset the environment variables the user requested in a clear
+	 * environment.
+	 */
+	if (clearenv()) {
+		SYSERROR("Failed to clear environment.");
+		/* Don't error out though. */
+	}
+
+	lxc_list_for_each(iterator, &handler->conf->environment) {
+		if (putenv((char *)iterator->elem)) {
+			SYSERROR("Failed to set environment variable: %s.", (char *)iterator->elem);
+			goto out_warn_father;
+		}
+	}
+
 	if (putenv("container=lxc")) {
 		SYSERROR("Failed to set environment variable: container=lxc.");
 		goto out_warn_father;