<arg choice="opt">-e</arg>
<arg choice="opt">-s <replaceable>namespaces</replaceable></arg>
<arg choice="opt">-R</arg>
+ <arg choice="opt">--keep-env</arg>
+ <arg choice="opt">--clear-env</arg>
<arg choice="opt">-- <replaceable>command</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>--keep-env</option>
+ </term>
+ <listitem>
+ <para>
+ Keep the current environment for attached programs. This is
+ the current default behaviour (as of version 0.9), but is
+ is likely to change in the future, since this may leak
+ undesirable information into the container. If you rely on
+ the environment being available for the attached program,
+ please use this option to be future-proof. In addition to
+ current environment variables, container=lxc will be set.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>--clear-env</option>
+ </term>
+ <listitem>
+ <para>
+ Clear the environment before attaching, so no undesired
+ environment variables leak into the container. The variable
+ container=lxc will be the only environment with which the
+ attached program starts.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
return 0;
}
-int lxc_attach_set_environment()
+int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep)
{
- if (clearenv()) {
- SYSERROR("failed to clear environment");
- /* don't error out though */
+ /* TODO: implement extra_env, extra_keep
+ * Rationale:
+ * - extra_env is an array of strings of the form
+ * "VAR=VALUE", which are to be set (after clearing or not,
+ * depending on the value of the policy variable)
+ * - extra_keep is an array of strings of the form
+ * "VAR", which are extra environment variables to be kept
+ * around after clearing (if that is done, otherwise, the
+ * remain anyway)
+ */
+ (void) extra_env;
+ (void) extra_keep;
+
+ if (policy == LXC_ATTACH_CLEAR_ENV) {
+ if (clearenv()) {
+ SYSERROR("failed to clear environment");
+ /* don't error out though */
+ }
}
if (putenv("container=lxc")) {
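Review bot: When policy is LXC_ATTACH_CLEAR_ENV a failing clearenv() is only logged and execution continues, so the attached program can still inherit the whole host environment even though the caller explicitly asked for it to be cleared; the "don't error out though" handling was tolerable when clearing was unconditional, but it now silently defeats the option whose purpose is to stop that leak. Replace the comment after SYSERROR with `return -1;` — the call site in lxc_attach.c already treats a non-zero return as fatal ("could not set environment"). The function also accepts extra_env and extra_keep that it does not honour yet; until the TODO is implemented the prototype should say they are ignored so callers do not rely on them. The body of lxc_attach_set_environment continues outside the hunk.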
extern struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid);
+typedef enum lxc_attach_env_policy_t {
+ LXC_ATTACH_KEEP_ENV,
+ LXC_ATTACH_CLEAR_ENV
+} lxc_attach_env_policy_t;
+
extern int lxc_attach_to_ns(pid_t other_pid, int which);
extern int lxc_attach_remount_sys_proc();
extern int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx);
-extern int lxc_attach_set_environment();
+extern int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep);
extern char *lxc_attach_getpwshell(uid_t uid);
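Review bot: The new prototype for lxc_attach_set_environment carries no contract for extra_env and extra_keep — their expected format, whether NULL is accepted, and the fact that the current implementation ignores both are recorded only in a TODO comment inside attach.c. A short comment above the declaration stating that extra_env holds "VAR=VALUE" strings to set after the policy is applied, extra_keep holds names to preserve when clearing, both may be NULL, and that neither is honoured yet would keep callers from depending on behaviour that does not exist. Style: the surrounding declarations bind the star to the name (`struct lxc_proc_context_info *ctx`, `char *lxc_attach_getpwshell`), so `char **extra_env, char **extra_keep` would match the file.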
{"arch", required_argument, 0, 'a'},
{"namespaces", required_argument, 0, 's'},
{"remount-sys-proc", no_argument, 0, 'R'},
+ /* TODO: decide upon short option names */
+ {"clear-env", no_argument, 0, 500},
+ {"keep-env", no_argument, 0, 501},
LXC_COMMON_OPTIONS
};
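Review bot: The option values 500 and 501 in the my_longopts entries are magic numbers that are repeated literally as `case 500:` and `case 501:` in the my_parser hunk below, so the table and the switch can drift apart without any compiler help. An anonymous enum placed before the table, `enum { OPT_CLEAR_ENV = 500, OPT_KEEP_ENV = 501 };`, used in both the table and the switch labels would tie them together and give the cases readable names. The TODO about short option names is fine as a placeholder; the enum still applies once short names are chosen.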
static signed long new_personality = -1;
static int namespace_flags = -1;
static int remount_sys_proc = 0;
+static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
static int my_parser(struct lxc_arguments* args, int c, char* arg)
{
/* -s implies -e */
elevated_privileges = 1;
break;
+ case 500: /* clear-env */
+ env_policy = LXC_ATTACH_CLEAR_ENV;
+ break;
+ case 501: /* keep-env */
+ env_policy = LXC_ATTACH_KEEP_ENV;
+ break;
}
return 0;
Remount /sys and /proc if not attaching to the\n\
mount namespace when using -s in order to properly\n\
reflect the correct namespace context. See the\n\
- lxc-attach(1) manual page for details.\n",
+ lxc-attach(1) manual page for details.\n\
+ --clear-env\n\
+ Clear all environment variables before attaching.\n\
+ The attached shell/program will start with only\n\
+ container=lxc set.\n\
+ --keep-env\n\
+ Keep all current enivornment variables. This\n\
+ is the current default behaviour, but is likely to\n\
+ change in the future.\n",
.options = my_longopts,
.parser = my_parser,
.checker = NULL,
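Review bot: The --keep-env help text misspells "environment" as "enivornment" on the line `Keep all current enivornment variables. This\n\`; it should read `Keep all current environment variables. This\n\`. The wording otherwise matches the manual page entry for the option.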
return -1;
}
- if (lxc_attach_set_environment()) {
+ if (lxc_attach_set_environment(env_policy, NULL, NULL)) {
ERROR("could not set environment");
return -1;
}