diff options
author | Valentin David <valentin.david@codethink.co.uk> | 2018-07-25 10:13:14 +0200 |
---|---|---|
committer | Valentin David <valentin.david@codethink.co.uk> | 2018-08-10 12:15:04 +0200 |
commit | 13e210351944406730b5b32d8d869ef7ec6bf188 (patch) | |
tree | 947415b9c7ce5c05775f787adbd221cb1747550b | |
parent | 1b652035968d1012131e084ba6016c37531405cc (diff) | |
download | buildstream-13e210351944406730b5b32d8d869ef7ec6bf188.tar.gz |
Set environment in bwrap command line instead of its environment
Fixes #498
-rw-r--r-- | buildstream/sandbox/_sandboxbwrap.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/buildstream/sandbox/_sandboxbwrap.py b/buildstream/sandbox/_sandboxbwrap.py index 9ed677620..450f1913f 100644 --- a/buildstream/sandbox/_sandboxbwrap.py +++ b/buildstream/sandbox/_sandboxbwrap.py @@ -87,6 +87,11 @@ class SandboxBwrap(Sandbox): # Grab the full path of the bwrap binary bwrap_command = [utils.get_host_tool('bwrap')] + for k, v in env.items(): + bwrap_command += ['--setenv', k, v] + for k in os.environ.keys() - env.keys(): + bwrap_command += ['--unsetenv', k] + # Create a new pid namespace, this also ensures that any subprocesses # are cleaned up when the bwrap process exits. bwrap_command += ['--unshare-pid'] @@ -192,7 +197,7 @@ class SandboxBwrap(Sandbox): stdin = stack.enter_context(open(os.devnull, "r")) # Run bubblewrap ! - exit_code = self.run_bwrap(bwrap_command, stdin, stdout, stderr, env, + exit_code = self.run_bwrap(bwrap_command, stdin, stdout, stderr, (flags & SandboxFlags.INTERACTIVE)) # Cleanup things which bwrap might have left behind, while @@ -243,7 +248,7 @@ class SandboxBwrap(Sandbox): return exit_code - def run_bwrap(self, argv, stdin, stdout, stderr, env, interactive): + def run_bwrap(self, argv, stdin, stdout, stderr, interactive): # Wrapper around subprocess.Popen() with common settings. # # This function blocks until the subprocess has terminated. @@ -319,7 +324,6 @@ class SandboxBwrap(Sandbox): # The default is to share file descriptors from the parent process # to the subprocess, which is rarely good for sandboxing. close_fds=True, - env=env, stdin=stdin, stdout=stdout, stderr=stderr, |