Diffstat (limited to 'examples/unschroot_proc.py')
-rwxr-xr-xexamples/unschroot_proc.py12
1 files changed, 8 insertions, 4 deletions
diff --git a/examples/unschroot_proc.py b/examples/unschroot_proc.py
index e75b80b..4885844 100755
--- a/examples/unschroot_proc.py
+++ b/examples/unschroot_proc.py
@@ -629,6 +629,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
enable_loopback_if: bool = False,
user: str | None = None,
cwd: str | None = None,
+ environ: dict[str, str] | None = None,
) -> asyncvarlink.FileDescriptor:
"""Turn the corrent supervisor process (should be run from a fork)
into the container payload. It's actually another fork that ends
@@ -646,6 +647,8 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
) from err
uid = record.pw_uid
gid = record.pw_gid
+ if environ is None:
+ environ = {}
# In order for pivot_root to work, the new root must be a mount point,
# but as we unshared both a user and mount namespace, the working
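Review bot: An omitted `environ` becomes an empty environment at the added `if environ is None:` line, which is the opposite of the `env=None` means "inherit" convention of `subprocess` and differs from what the old `os.execvp` call did, and nothing visible in the hunk documents it. I would add a comment above the check such as `# None means the payload starts with an empty environment, not a copy of os.environ.` and one sentence in the method docstring saying the same. The docstring and the rest of the method body lie outside this hunk, so this may already be covered there.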
@@ -696,11 +699,11 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
if uid != 0:
os.setuid(uid)
else:
- orig_path = os.environ.get("PATH", "")
+ orig_path = environ.get("PATH", "")
if not orig_path:
- os.environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
+ environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
elif ":/usr/sbin:" not in f":{orig_path}:":
- os.environ["PATH"] = orig_path + ":/usr/sbin"
+ environ["PATH"] = orig_path + ":/usr/sbin"
if cwd:
os.chdir(cwd)
@@ -719,7 +722,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
# robustness when it does not.
linuxnamespaces.prctl_set_pdeathsig(signal.SIGKILL)
try:
- os.execvp(command[0], command)
+ os.execvpe(command[0], command, environ)
except OSError as err:
print(f"failed to exec {command[0]}: {err}", file=sys.stderr)
os._exit(127)
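Review bot: `os.execvpe` resolves `command[0]` against the `PATH` entry of `environ`, so the executable search is now driven by a caller-supplied value, and the PATH fallback in the earlier hunk seems to sit only in the `else` branch next to `os.setuid` (indentation is lost on this page, so that reading should be confirmed). On the other branch a missing `PATH` makes the lookup fall back to `os.defpath` while the payload itself runs without `PATH`, and an empty `PATH` makes the lookup relative to the working directory set by `os.chdir(cwd)`. Normalising before the branch would close both cases, for example `if not environ.get("PATH"): environ["PATH"] = "/usr/bin:/bin"`. The enclosing method starts and ends outside this hunk.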
@@ -980,6 +983,7 @@ async def do_run_session(args: argparse.Namespace) -> None:
enable_loopback_if=args.isolate_network,
user=args.user,
cwd=args.directory,
+ environ=dict(os.environ),
),
)
stack.enter_context(proc2["pidfd"])
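Review bot: `environ=dict(os.environ)` forwards the complete environment of the invoking process into the container payload, including any credentials, agent socket paths and host-specific values such as `HOME` or `XDG_RUNTIME_DIR`, even when `user=args.user` selects a different account. If the payload previously inherited the same variables through `os.execvp` this keeps the old behaviour, but now that the environment is an explicit argument it would be safer to pass an allowlist, e.g. `environ={k: v for k, v in os.environ.items() if k in preserved}` with `preserved` a small set defined by the project (the name is a placeholder). At minimum a comment such as `# Forwards the caller's full environment; filter here if the chroot is less trusted.` would record the decision. The call this argument belongs to begins outside the hunk.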