From 3c9d94d6f5d6faadc1dabf8c643176400e3608cf Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Mon, 18 Aug 2025 21:39:29 +0200
Subject: examples/unschroot_proc.py: preserve environment of the caller
Before this change, the environment would always be the one used with --begin-session. After this change, the environment used always is the one used with --run-session. --preserve-environment was and still is implied.
---
 examples/unschroot_proc.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/examples/unschroot_proc.py b/examples/unschroot_proc.py
index e75b80b..4885844 100755
--- a/examples/unschroot_proc.py
+++ b/examples/unschroot_proc.py
@@ -629,6 +629,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
 enable_loopback_if: bool = False,
 user: str | None = None,
 cwd: str | None = None,
+ environ: dict[str, str] | None = None,
 ) -> asyncvarlink.FileDescriptor:
 """Turn the corrent supervisor process (should be run from a fork) into the container payload. It's actually another fork that ends
@@ -646,6 +647,8 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
 ) from err
 uid = record.pw_uid
 gid = record.pw_gid
+ if environ is None:
+ environ = {}
 # In order for pivot_root to work, the new root must be a mount point,
 # but as we unshared both a user and mount namespace, the working
@@ -696,11 +699,11 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
 if uid != 0:
 os.setuid(uid)
 else:
- orig_path = os.environ.get("PATH", "")
+ orig_path = environ.get("PATH", "")
 if not orig_path:
- os.environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
+ environ["PATH"] = "/usr/sbin:/sbin:/usr/bin:/bin"
 elif ":/usr/sbin:" not in f":{orig_path}:":
- os.environ["PATH"] = orig_path + ":/usr/sbin"
+ environ["PATH"] = orig_path + ":/usr/sbin"
 if cwd:
 os.chdir(cwd)
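Review bot: With `environ` omitted, the `if environ is None: environ = {}` default in the second hunk gives the payload an empty environment rather than the supervisor's, which is what `os.execvp` used before this change. For a non-root `user` that means no PATH or HOME at all, since the PATH fix-up in the third hunk only runs in the `uid == 0` branch. If the empty default is intended, the docstring (which continues outside the hunk) should say so, for example `environ: environment of the payload; None means empty, and PATH is only filled in for uid 0`. If it is not, `environ = dict(os.environ)` would keep the old behaviour for callers that do not pass the parameter.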
@@ -719,7 +722,7 @@ class ContainerSupervisor(asyncvarlink.VarlinkInterface):
 # robustness when it does not.
 linuxnamespaces.prctl_set_pdeathsig(signal.SIGKILL)
 try:
- os.execvp(command[0], command)
+ os.execvpe(command[0], command, environ)
 except OSError as err:
 print(f"failed to exec {command[0]}: {err}", file=sys.stderr)
 os._exit(127)
@@ -980,6 +983,7 @@ async def do_run_session(args: argparse.Namespace) -> None:
 enable_loopback_if=args.isolate_network,
 user=args.user,
 cwd=args.directory,
+ environ=dict(os.environ),
 ),
 )
 stack.enter_context(proc2["pidfd"])
-- cgit v1.2.3
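Review bot: `os.execvpe(command[0], command, environ)` now looks up a slash-less `command[0]` through the PATH in the caller-supplied `environ` instead of the supervisor's, and that deserves a comment next to the call. Python takes the search path from the passed mapping and falls back to `os.defpath` when it has no PATH, and an empty PATH component makes the lookup try the current directory inside the container. Something like `# command[0] is looked up via environ["PATH"] (the --run-session caller's), not os.environ` would make this visible; dropping empty components before the exec is an option if the chroot contents are not trusted. The enclosing method starts outside the hunk.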
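Review bot: `environ=dict(os.environ)` forwards the caller's entire environment to the payload, which may run as uid 0 in the container or as another `user`, so credentials held in variables and loader or interpreter settings such as `LD_PRELOAD`, `LD_LIBRARY_PATH` or `PYTHONPATH` arrive there unchanged. The commit message says --preserve-environment is implied, so this looks deliberate, but schroot's default is a clean environment and the call site gives no hint of the difference. A comment such as `# whole caller environment is forwarded (schroot -p semantics); nothing is filtered` would record that, and an allowlist of variable names is the natural place to tighten it later. `do_run_session` continues outside the hunk.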