Date: Thu, 25 Jul 2002 09:42:25 +0300
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc: arch@FreeBSD.ORG
Subject: Re: Call for Review: more pristine environment for release build
Message-ID: <20020725064225.GD56367@sunbay.com>
In-Reply-To: <20020608180049M.matusita@jp.FreeBSD.org>
References: <20020608180049M.matusita@jp.FreeBSD.org>

On Sat, Jun 08, 2002 at 06:00:49PM +0900, Makoto Matsushita wrote:
>
> Current chroot sandbox inherits parent's environment variables.
> However, there is only 'PATH' environment variable which should be
> inherited from the parent.  Since there are several _fixed_
> directories to be listed in PATH, we can safely list the directories
> statically.
>
> Following patch enables that:
>   * PATH list is set statically.
>   * Use 'env -i' to eliminate parent environment variables when
>     starting chroot(8) sandbox.
>
> Note:
>   1) '/sbin' should be listed in PATH (/sbin/{u,}mount will be
>      there).  I don't know about '/usr/sbin', but it is safe for
>      us IMHO.
>   2) 'chroot' should be full-path, since /bin/sh's default PATH
>      is "/bin:/usr/bin"; without full-path, env can't start chroot.
>
> If there are no problems, I'll commit it later (maybe several days
> after or so).  Any comments, suggestions, and objections are welcome.
>
This had only one disadvantage so far.  I could no longer pass
NO_WERROR globally through the environment; passing it with
WORLD_FLAGS/KERNEL_FLAGS does not make it propagate to release.5.
JFYI.


Cheers,
-- 
Ruslan Ermilov       Sysadmin and DBA,
ru@sunbay.com        Sunbay Software AG,
ru@FreeBSD.org       FreeBSD committer,
+380.652.512.251     Simferopol, Ukraine

http://www.FreeBSD.org    The Power To Serve
http://www.oracle.com     Enabling The Information Age
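
The trade-off raised in this thread, as an added example that is not part of the original messages or of the FreeBSD release scripts: a POSIX shell wrapper that starts a command under `env -i` with a static PATH and forwards only explicitly allowlisted variables. The names `run_pristine`, `PRISTINE_PATH` and `PASS_VARS`, and the choice of NO_WERROR as the default allowlist entry, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not taken from the FreeBSD release Makefile.
# run_pristine, PRISTINE_PATH and PASS_VARS are hypothetical names.

# Static PATH; the quoted message asks for /sbin and /usr/sbin to be listed.
PRISTINE_PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Space-separated allowlist of variable names that may cross the boundary.
# It is trusted configuration, not user input.
PASS_VARS="${PASS_VARS:-NO_WERROR}"

# run_pristine CMD [ARG...]
# Runs CMD with an empty environment plus PATH and the allowlisted variables.
run_pristine() {
    _cmd_count=$#
    for _name in $PASS_VARS; do
        # Accept only valid shell identifiers so eval never sees other text.
        case "$_name" in
            [0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        # Forward a variable only if the caller actually has it set.
        if eval "[ \"\${$_name+set}\" = set ]"; then
            eval "_value=\"\${$_name}\""
            # Append NAME=value as one argument; spaces in the value survive.
            set -- "$@" "$_name=$_value"
        fi
    done
    # Rotate the original command words behind the NAME=value arguments,
    # because env(1) expects assignments before the utility name.
    _i=0
    while [ "$_i" -lt "$_cmd_count" ]; do
        set -- "$@" "$1"
        shift
        _i=$((_i + 1))
    done
    # -i discards everything inherited from the parent process.
    env -i PATH="$PRISTINE_PATH" "$@"
}

# Typical call (utility given by full path, as the quoted note 2 requires):
#   run_pristine /usr/sbin/chroot /path/to/sandbox /bin/sh /mk
```

Anything not named in `PASS_VARS` is dropped, so a build knob that used to leak in from the caller's shell has to be added to the allowlist or passed as an explicit make argument.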