From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Mon, 25 Aug 2014 17:50:25 +0000 (+0000)
Subject: lxc-user-nic: be more paranoid
X-Git-Tag: lxc-1.1.0.alpha2~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=361b4fe7e2def4a9357bcf85b557bb6161ef847d;p=thirdparty%2Flxc.git

lxc-user-nic: be more paranoid

Just setting path isn't enough.  Clear the whole environment, and only set
$PATH.  It's all we need - ovs-vsctl is running fine this way.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 145a35df6..b2b5434c1 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -590,7 +590,11 @@ int main(int argc, char *argv[])
 	char *vethname = NULL;
 	int pid;
 
-	/* set a sane path, because we are setuid-root */
+	/* set a sane env, because we are setuid-root */
+	if (clearenv() < 0) {
+		fprintf(stderr, "Failed to clear environment");
+		exit(1);
+	}
 	if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
 		fprintf(stderr, "Failed to set PATH, exiting\n");
 		exit(1);