warden: Stop leaking environment to containers

Change-Id: Ib9fb211577a4cd72e2912abb1992b5eb26fde8c0

warden/root/linux/skeleton/hook-parent-after-clone.sh

@@ -19,7 +19,7 @@ echo ${PID} > tasks
 
 popd > /dev/null
 
-echo ${PPID} >> ${ASSET_PATH}/ppid
+echo ${PPID} >> ppid
 
 ip link add name ${network_iface_host} type veth peer name ${network_iface_container}
 ip link set ${network_iface_host} netns 1

warden/root/linux/skeleton/start.sh

@@ -13,9 +13,7 @@ if [ -f started ]; then
   exit 1
 fi
 
-export ROOT_PATH=union
-export ASSET_PATH=$(pwd)
-unshare -n ../../../../src/clone/clone
+env -i unshare -n ../../../../src/clone/clone
 
 ifconfig ${network_iface_host} ${network_gateway_ip} netmask ${network_netmask}
 touch started

warden/src/clone/clone.c

@@ -132,9 +132,16 @@ int start(void *data) {
 }
 
 int parent_setup_helper(clone_helper_t *h) {
+  char buf[1024];
   int rv;
 
-  h->new_root_path = getenv("ROOT_PATH");
+  if (getcwd(buf, sizeof(buf)) == NULL) {
+    fprintf(stderr, "getcwd: %s\n", strerror(errno));
+    goto err;
+  }
+
+  h->new_root_path = malloc(sizeof(buf));
+  snprintf(h->new_root_path, sizeof(buf), "%s/%s", buf, "union");
   if (h->new_root_path == NULL) {
     fprintf(stderr, "ROOT_PATH not specified\n");
     goto err;
@@ -146,7 +153,8 @@ int parent_setup_helper(clone_helper_t *h) {
     goto err;
   }
 
-  h->asset_path = getenv("ASSET_PATH");
+  h->asset_path = malloc(sizeof(buf));
+  snprintf(h->asset_path, sizeof(buf), "%s", buf);
   if (h->asset_path == NULL) {
     fprintf(stderr, "ASSET_PATH not specified\n");
     goto err;