From fc3c53eda9670ae8f3316d61f959778f11909643 Mon Sep 17 00:00:00 2001 From: Pieter Noordhuis Date: Tue, 27 Mar 2012 15:55:22 -0700 Subject: [PATCH] warden: Stop leaking environment to containers Change-Id: Ib9fb211577a4cd72e2912abb1992b5eb26fde8c0 --- .../root/linux/skeleton/hook-parent-after-clone.sh | 2 +- warden/root/linux/skeleton/start.sh | 4 +--- warden/src/clone/clone.c | 12 ++++++++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/warden/root/linux/skeleton/hook-parent-after-clone.sh b/warden/root/linux/skeleton/hook-parent-after-clone.sh index 1fcd5da..9797cae 100755 --- a/warden/root/linux/skeleton/hook-parent-after-clone.sh +++ b/warden/root/linux/skeleton/hook-parent-after-clone.sh @@ -19,7 +19,7 @@ echo ${PID} > tasks popd > /dev/null -echo ${PPID} >> ${ASSET_PATH}/ppid +echo ${PPID} >> ppid ip link add name ${network_iface_host} type veth peer name ${network_iface_container} ip link set ${network_iface_host} netns 1 diff --git a/warden/root/linux/skeleton/start.sh b/warden/root/linux/skeleton/start.sh index c52037e..2cb65b6 100755 --- a/warden/root/linux/skeleton/start.sh +++ b/warden/root/linux/skeleton/start.sh @@ -13,9 +13,7 @@ if [ -f started ]; then exit 1 fi -export ROOT_PATH=union -export ASSET_PATH=$(pwd) -unshare -n ../../../../src/clone/clone +env -i unshare -n ../../../../src/clone/clone ifconfig ${network_iface_host} ${network_gateway_ip} netmask ${network_netmask} touch started diff --git a/warden/src/clone/clone.c b/warden/src/clone/clone.c index dfe881a..3a0d7e9 100644 --- a/warden/src/clone/clone.c +++ b/warden/src/clone/clone.c @@ -132,9 +132,16 @@ int start(void *data) { } int parent_setup_helper(clone_helper_t *h) { + char buf[1024]; int rv; - h->new_root_path = getenv("ROOT_PATH"); + if (getcwd(buf, sizeof(buf)) == NULL) { + fprintf(stderr, "getcwd: %s\n", strerror(errno)); + goto err; + } + + h->new_root_path = malloc(sizeof(buf)); + snprintf(h->new_root_path, sizeof(buf), "%s/%s", buf, "union"); if (h->new_root_path == NULL) { fprintf(stderr, "ROOT_PATH not specified\n"); goto err; @@ -146,7 +153,8 @@ int parent_setup_helper(clone_helper_t *h) { goto err; } - h->asset_path = getenv("ASSET_PATH"); + h->asset_path = malloc(sizeof(buf)); + snprintf(h->asset_path, sizeof(buf), "%s", buf); if (h->asset_path == NULL) { fprintf(stderr, "ASSET_PATH not specified\n"); goto err;