summaryrefslogtreecommitdiff
path: root/examples
diff options
context:
space:
mode:
authorHelmut Grohne <helmut@subdivi.de>2025-08-18 21:39:29 +0200
committerHelmut Grohne <helmut@subdivi.de>2025-08-18 21:39:29 +0200
commit3c9d94d6f5d6faadc1dabf8c643176400e3608cf (patch)
tree24b5106b8be706abe5ab85f103ee20985d90b996 /examples
parent6f43d14c91da544b26f1f901e7105e11c08f7d9c (diff)
downloadpython-linuxnamespaces-3c9d94d6f5d6faadc1dabf8c643176400e3608cf.tar.gz
examples/unschroot_proc.py: preserve environment of the callerHEADmain
Before this change, the environment would always be the one used with --begin-session. After this change, the environment used always is the one used with --run-session. --preserve-environment was and still is implied.
Diffstat (limited to 'examples')
-rwxr-xr-xexamples/unschroot_proc.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/examples/unschroot_proc.py b/examples/unschroot_proc.py
index e75b80b..4885844 100755
--- a/examples/unschroot_proc.py
+++ b/examples/unschroot_proc.py
@@ -629,6 +629,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
enable_loopback_if: bool = False,
user: str | None = None,
cwd: str | None = None,
+ environ: dict[str, str] | None = None,
) -> asyncvarlink.FileDescriptor:
"""Turn the corrent supervisor process (should be run from a fork)
into the container payload. It's actually another fork that ends
@@ -646,6 +647,8 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
) from err
uid = record.pw_uid
gid = record.pw_gid
+ if environ is None:
+ environ = {}
# In order for pivot_root to work, the new root must be a mount point,
# but as we unshared both a user and mount namespace, the working
@@ -696,11 +699,11 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
if uid != 0:
os.setuid(uid)
else:
- orig_path = os.environ.get("PATH", "")
+ orig_path = environ.get("PATH", "")
if not orig_path:
- os.environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
+ environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
elif ":/usr/sbin:" not in f":{orig_path}:":
- os.environ["PATH"] = orig_path + ":/usr/sbin"
+ environ["PATH"] = orig_path + ":/usr/sbin"
if cwd:
os.chdir(cwd)
@@ -719,7 +722,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
# robustness when it does not.
linuxnamespaces.prctl_set_pdeathsig(signal.SIGKILL)
try:
- os.execvp(command[0], command)
+ os.execvpe(command[0], command, environ)
except OSError as err:
print(f"failed to exec {command[0]}: {err}", file=sys.stderr)
os._exit(127)
@@ -980,6 +983,7 @@ async def do_run_session(args: argparse.Namespace) -> None:
enable_loopback_if=args.isolate_network,
user=args.user,
cwd=args.directory,
+ environ=dict(os.environ),
),
)
stack.enter_context(proc2["pidfd"])