lxc-user-nic: be more paranoid

Just setting path isn't enough.  Clear the whole environment, and only set
$PATH.  It's all we need - ovs-vsctl is running fine this way.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 145a35df666ad058ab783dd06aa598e2625d705d..b2b5434c13295291302f93a7a9eed61e5d01ee4d 100644 (file)
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -590,7 +590,11 @@ int main(int argc, char *argv[])
        char *vethname = NULL;
        int pid;
 
-       /* set a sane path, because we are setuid-root */
+       /* set a sane env, because we are setuid-root */
+       if (clearenv() < 0) {
+               fprintf(stderr, "Failed to clear environment");
+               exit(1);
+       }
        if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
                fprintf(stderr, "Failed to set PATH, exiting\n");
                exit(1);