From 361b4fe7e2def4a9357bcf85b557bb6161ef847d Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Mon, 25 Aug 2014 17:50:25 +0000
Subject: [PATCH] lxc-user-nic: be more paranoid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Just setting path isn't enough. Clear the whole environment, and only set $PATH. It's all we need - ovs-vsctl is running fine this way.
Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---
 src/lxc/lxc_user_nic.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 145a35df6..b2b5434c1 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -590,7 +590,11 @@ int main(int argc, char *argv[])
 char *vethname = NULL;
 int pid;
- /* set a sane path, because we are setuid-root */
+ /* set a sane env, because we are setuid-root */
+ if (clearenv() < 0) {
+ fprintf(stderr, "Failed to clear environment");
+ exit(1);
+ }
 if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1) < 0) {
 fprintf(stderr, "Failed to set PATH, exiting\n");
 exit(1);
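Review bot: The failure check on the added `clearenv()` call tests `< 0`, but clearenv() is documented to return zero on success and a nonzero value on failure, so a positive error return would pass the check and leave the inherited environment in place in this setuid-root helper. Comparing against zero fails closed: `if (clearenv() != 0) {`. The new error message also lacks the trailing newline that the PATH message just below it has; `fprintf(stderr, "Failed to clear environment\n");` keeps the two consistent. main's body starts before and continues after this hunk, so whether anything reads the environment ahead of this point cannot be confirmed from here.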