diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-28 16:14:29 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-28 16:14:29 +0000 |
commit | 698a77d97c534c2a7180bfa21aba4d6446d56ebc (patch) | |
tree | f453f3738e8bc839f00f23ebce844ea57639deaf | |
parent | d9fc911053945a77a994116d5ac1bbe4f3b67100 (diff) | |
download | sandboxlib-698a77d97c534c2a7180bfa21aba4d6446d56ebc.tar.gz |
Don't have a 'base' environment, make the caller specify 'env'
The idea with 'extra_env' was that all 'sandboxlib' sandboxes would have
a consistent base environment with standard PATH, etc. But that's not
really workable at all, and only PATH actually matters here anyway.
Now the caller passes in the entire environment as 'env', 'extra_env' is
gone.
-rwxr-xr-x | run-sandbox | 9 | ||||
-rw-r--r-- | sandboxlib/__init__.py | 26 | ||||
-rw-r--r-- | sandboxlib/chroot.py | 4 | ||||
-rw-r--r-- | sandboxlib/linux_user_chroot.py | 4 | ||||
-rw-r--r-- | sandboxlib/load/appc.py | 6 |
5 files changed, 15 insertions, 34 deletions
diff --git a/run-sandbox b/run-sandbox index c25a2ff..6bd44c0 100755 --- a/run-sandbox +++ b/run-sandbox @@ -90,12 +90,13 @@ def run(): elif 'workingDirectory' in manifest['app']: cwd = manifest['app']['workingDirectory'] - extra_env = {} + env = sandboxlib.load.appc.BASE_ENVIRONMENT.copy() + if 'environment' in manifest['app']: for item in manifest['app']['environment']: - extra_env[item['name']] = item['value'] + env[item['name']] = item['value'] - extra_env['AC_APP_NAME'] = manifest['name'] + env['AC_APP_NAME'] = manifest['name'] sharing_config = executor.maximum_possible_isolation() @@ -104,7 +105,7 @@ def run(): ] exit, out, err = executor.run_sandbox( - rootfs_path, command, cwd=cwd, extra_env=extra_env, + rootfs_path, command, cwd=cwd, env=env, extra_mounts=extra_mounts, **sharing_config) # We'll take a punt on the output being valid UTF-8. diff --git a/sandboxlib/__init__.py b/sandboxlib/__init__.py index d620777..0b150d7 100644 --- a/sandboxlib/__init__.py +++ b/sandboxlib/__init__.py @@ -68,7 +68,7 @@ CAPTURE = subprocess.PIPE STDOUT = subprocess.STDOUT -def run_sandbox(command, cwd=None, extra_env=None, +def run_sandbox(command, cwd=None, env=None, filesystem_root='/', filesystem_writable_paths='all', mounts='undefined', extra_mounts=None, network='undefined', @@ -81,8 +81,7 @@ def run_sandbox(command, cwd=None, extra_env=None, - cwd: the working directory of 'command', relative to 'rootfs_path'. Defaults to '/' if "rootfs_path" is specified, and the current directory of the calling process otherwise. - - extra_env: environment variables to set in addition to - BASE_ENVIRONMENT. + - env: environment variables to set - filesystem_root: the path to the root of the sandbox. Defaults to '/', which doesn't isolate the command from the host filesystem at all. - filesystem_writable_paths: defaults to 'all', which allows the command @@ -168,27 +167,6 @@ def sandbox_module_for_platform(): return backend -BASE_ENVIRONMENT = { - # Mandated by https://github.com/appc/spec/blob/master/SPEC.md#execution-environment - 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', -} - - -def environment_vars(extra_env=None): - '''Return the complete set of environment variables for a sandbox. - - The base environment is defined above, and callers can add extra variables - to this or override the defaults by passing a dict to 'extra_env'. - - ''' - env = BASE_ENVIRONMENT.copy() - - if extra_env is not None: - env.update(extra_env) - - return env - - def validate_extra_mounts(extra_mounts): '''Validate and fill in default values for 'extra_mounts' setting.''' if extra_mounts == None: diff --git a/sandboxlib/chroot.py b/sandboxlib/chroot.py index 97391de..9f7b16a 100644 --- a/sandboxlib/chroot.py +++ b/sandboxlib/chroot.py @@ -168,7 +168,7 @@ def run_command_in_chroot(pipe, stdout, stderr, extra_mounts, chroot_path, os._exit(result) -def run_sandbox(command, cwd=None, extra_env=None, +def run_sandbox(command, cwd=None, env=None, filesystem_root='/', filesystem_writable_paths='all', mounts='undefined', extra_mounts=None, network='undefined', @@ -176,8 +176,6 @@ def run_sandbox(command, cwd=None, extra_env=None, if type(command) == str: command = [command] - env = sandboxlib.environment_vars(extra_env) - extra_mounts = process_mount_config(mounts, extra_mounts) process_network_config(network) diff --git a/sandboxlib/linux_user_chroot.py b/sandboxlib/linux_user_chroot.py index 4244d99..cca734f 100644 --- a/sandboxlib/linux_user_chroot.py +++ b/sandboxlib/linux_user_chroot.py @@ -259,7 +259,7 @@ def process_writable_paths(fs_root, writable_paths): return extra_linux_user_chroot_args -def run_sandbox(command, cwd=None, extra_env=None, +def run_sandbox(command, cwd=None, env=None, filesystem_root='/', filesystem_writable_paths='all', mounts='undefined', extra_mounts=None, network='undefined', @@ -282,8 +282,6 @@ def run_sandbox(command, cwd=None, extra_env=None, linux_user_chroot_command.append(filesystem_root) - env = sandboxlib.environment_vars(extra_env) - argv = (unshare_command + linux_user_chroot_command + command) exit, out, err = sandboxlib._run_command(argv, stdout, stderr, env=env) return exit, out, err diff --git a/sandboxlib/load/appc.py b/sandboxlib/load/appc.py index 486391e..7cbafc1 100644 --- a/sandboxlib/load/appc.py +++ b/sandboxlib/load/appc.py @@ -25,6 +25,12 @@ import tarfile import tempfile +# Mandated by https://github.com/appc/spec/blob/master/SPEC.md#execution-environment +BASE_ENVIRONMENT = { + 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', +} + + def is_app_container_image(path): return path.endswith('.aci') |