Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Jul 2002 09:42:25 +0300
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Makoto Matsushita <matusita@jp.FreeBSD.org>
Cc:        arch@FreeBSD.ORG
Subject:   Re: Call for Review: more pristine environment for release build
Message-ID:  <20020725064225.GD56367@sunbay.com>
In-Reply-To: <20020608180049M.matusita@jp.FreeBSD.org>
References:  <20020608180049M.matusita@jp.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--76DTJ5CE0DCVQemd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jun 08, 2002 at 06:00:49PM +0900, Makoto Matsushita wrote:
>=20
> Current chroot sandbox inherits parent's environment variables.
> However, there is only 'PATH' environment variable which should be
> inherited from the parent.  Since there are several _fixed_
> directories to be listed in PATH, we can safely listed directories in
> static.
>=20
> Following patch enables that:
> 	* PATH list is set statically.
> 	* Use 'env -i' to eliminate parent environment variables when
> 	  starting chroot(8) sandbox.
>=20
> 	Note:
> 	1) '/sbin' should be listed in PATH (/sbin/{u,}mount will be
> 	   there). I don't know about '/usr/sbin', but it is safe for
> 	   us IMHO.
> 	2) 'chroot' should be full-path, since /bin/sh's default PATH
> 	   is "/bin:/usr/bin"; without full-path, env can't start chroot.
>=20
> If there are no problems, I'll commit it later (maybe several days
> after or so).  Any comments, suggestions, and objections are welcome.
>=20
This had only one disadvantage so far.  I could no longer pass NO_WERROR
globally through the environment; passing it with WORLD_FLAGS/KERNEL_FLAGS
does not make it propagate to release.5.  JFYI.


Cheers,
--=20
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--76DTJ5CE0DCVQemd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9P53RUkv4P6juNwoRAjBNAJwP7oETMosQYA6uaJkG5c+6u0+WAQCeJF1U
DuL/fOqjYen1NATbeLT+o0k=
=EsH7
-----END PGP SIGNATURE-----

--76DTJ5CE0DCVQemd--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020725064225.GD56367>