Date:      Sat, 08 Jun 2002 18:00:49 +0900
From:      Makoto Matsushita <matusita@jp.FreeBSD.org>
To:        arch@FreeBSD.org
Subject:   Call for Review: more pristine environment for release build
Message-ID:  <20020608180049M.matusita@jp.FreeBSD.org>

The current chroot sandbox inherits the parent's environment variables.
However, 'PATH' is the only environment variable which should be
inherited from the parent.  Since there are several _fixed_
directories to be listed in PATH, we can safely list the directories
statically.

The following patch enables that:
	* PATH list is set statically.
	* Use 'env -i' to eliminate parent environment variables when
	  starting chroot(8) sandbox.

	Note:
	1) '/sbin' should be listed in PATH (/sbin/{u,}mount will be
	   there). I don't know about '/usr/sbin', but it is safe for
	   us IMHO.
	2) 'chroot' should be a full path, since /bin/sh's default PATH
	   is "/bin:/usr/bin"; without the full path, env can't start chroot.

If there are no problems, I'll commit it later (maybe in several days
or so).  Any comments, suggestions, and objections are welcome.

Thanks in advance,
-- -
Makoto `MAR' Matsushita


Index: Makefile
===================================================================
RCS file: /home/ncvs/src/release/Makefile,v
retrieving revision 1.686
diff -u -r1.686 Makefile
--- Makefile	8 Jun 2002 03:15:50 -0000	1.686
+++ Makefile	8 Jun 2002 08:44:07 -0000
@@ -392,7 +392,7 @@
 .endif
 	# Don't remove this, or the build will fall over!
 	echo "export RELEASEDIR=${_R}"		>> ${CHROOTDIR}/mk
-	echo "export PATH=$${PATH}:${LOCALDIR}"	>> ${CHROOTDIR}/mk
+	echo "export PATH=/bin:/usr/bin:/sbin:/usr/sbin:${LOCALDIR}"	>> ${CHROOTDIR}/mk
 	echo "export TMPDIR=/tmp"		>> ${CHROOTDIR}/mk
 	echo "export MAKEOBJDIRPREFIX=/usr/obj"	>> ${CHROOTDIR}/mk
 	echo "export MANBUILDCAT=YES"		>> ${CHROOTDIR}/mk
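
Review bot: the new PATH line hardcodes /bin:/usr/bin:/sbin:/usr/sbin but carries no comment saying the list is deliberately fixed. The only comment nearby ("Don't remove this, or the build will fall over!") sits above the RELEASEDIR line, so nothing tells a later editor not to put $${PATH} back. Suggest a one-line comment directly above the PATH echo stating that the list is static on purpose and that /sbin is needed for mount and umount. Note also that this line alone only stops PATH from being taken from the caller; every other inherited variable still reaches /mk unless chroot is started with a cleared environment.
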
@@ -406,7 +406,7 @@
 	echo "make \$${_RELTARGET}"		>> ${CHROOTDIR}/mk
 	echo "echo \">>> make ${.TARGET} for ${TARGET} finished on \`LC_ALL=C TZ=GMT date\`\"" >> ${CHROOTDIR}/mk
 	chmod 755 ${CHROOTDIR}/mk
-	chroot ${CHROOTDIR} /mk
+	env -i /usr/sbin/chroot ${CHROOTDIR} /mk
 
 clean:
 	rm -rf boot_crunch release.[0-9]
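
Review bot: on the 'env -i /usr/sbin/chroot ${CHROOTDIR} /mk' line, chroot is given by full path but env is not, so the first command in the clean-environment chain is still resolved through the caller's PATH. Suggest '/usr/bin/env -i /usr/sbin/chroot ...' so both are pinned. Because env -i drops everything, /mk now sees only what it exports itself; in the lines visible here that is RELEASEDIR, PATH, TMPDIR, MAKEOBJDIRPREFIX and MANBUILDCAT. Any other variable the release build used to pick up from the caller needs its own 'echo "export ..."' line, and a short comment on the chroot line saying so would save the next person from debugging a silently missing variable.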
