Sanitizing of environment variables and fixed passing of vars to shell

master
xSmurf 10 years ago
parent 2b2de2fa31
commit fe2776b1ad

@ -6,28 +6,33 @@ import (
)
type Config struct {
ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"`
BridgeMACAddr string `json:"bridge_mac"`
NMIgnoreFile string `json:"nm_ignore_file"`
UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"`
ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"`
BridgeMACAddr string `json:"bridge_mac"`
NMIgnoreFile string `json:"nm_ignore_file"`
UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"`
EnvironmentVars []string `json:"environment_vars"`
}
const DefaultConfigPath = "/etc/oz/oz.conf"
func NewDefaultConfig() *Config {
return &Config{
ProfileDir: "/var/lib/oz/cells.d",
ShellPath: "/bin/bash",
SandboxPath: "/srv/oz",
NMIgnoreFile: "/etc/NetworkManager/conf.d/oz.conf",
BridgeMACAddr: "6A:A8:2E:56:E8:9C",
UseFullDev: false,
AllowRootShell: false,
LogXpra: false,
ProfileDir: "/var/lib/oz/cells.d",
ShellPath: "/bin/bash",
SandboxPath: "/srv/oz",
NMIgnoreFile: "/etc/NetworkManager/conf.d/oz.conf",
BridgeMACAddr: "6A:A8:2E:56:E8:9C",
UseFullDev: false,
AllowRootShell: false,
LogXpra: false,
EnvironmentVars: []string{
"USER", "USERNAME", "LOGNAME",
"LANG", "LANGUAGE", "_",
},
}
}

@ -3,6 +3,7 @@ package daemon
import (
"fmt"
"os/user"
"strings"
"syscall"
"github.com/subgraph/oz"
@ -127,7 +128,8 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
return m.Respond(&ErrorMsg{err.Error()})
}
d.Debug("Would launch %s", p.Name)
_, err = d.launch(p, msg.Env, m.Ucred.Uid, m.Ucred.Gid, d.log)
env := d.sanitizeEnvironment(p, msg.Env)
_, err = d.launch(p, env, m.Ucred.Uid, m.Ucred.Gid, d.log)
if err != nil {
d.Warning("launch of %s failed: %v", p.Name, err)
return m.Respond(&ErrorMsg{err.Error()})
@ -135,6 +137,41 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
return m.Respond(&OkMsg{})
}
func (d *daemonState) sanitizeEnvironment(p *oz.Profile, oldEnv []string) ([]string) {
newEnv := []string{}
for _, EnvItem := range d.config.EnvironmentVars {
for _, OldItem := range oldEnv {
if strings.HasPrefix(OldItem, EnvItem+"=") {
newEnv = append(newEnv, EnvItem+"="+strings.Replace(OldItem, EnvItem+"=", "", 1))
break
}
}
}
for _, EnvItem := range p.Environment {
if EnvItem.Value != "" {
d.log.Info("Setting environment variable: %s=%s\n", EnvItem.Name, EnvItem.Value)
newEnv = append(newEnv, EnvItem.Name+"="+EnvItem.Value)
} else {
for _, OldItem := range oldEnv {
if strings.HasPrefix(OldItem, EnvItem.Name+"=") {
NewValue := strings.Replace(OldItem, EnvItem.Name+"=", "", 1)
newEnv = append(newEnv, EnvItem.Name+"="+NewValue)
d.log.Info("Cloning environment variable: %s=%s\n", EnvItem.Name, NewValue)
break
}
}
}
}
return newEnv
}
func (d *daemonState) handleKillSandbox(msg *KillSandboxMsg, m *ipc.Message) error {
sbox := d.sandboxById(msg.Id)
if sbox == nil {

@ -319,7 +319,7 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
Gid: msg.Ucred.Gid,
}
if rs.Term != "" {
cmd.Env = append(cmd.Env, "TERM="+rs.Term)
cmd.Env = append(st.launchEnv, "TERM="+rs.Term)
}
if msg.Ucred.Uid != 0 && msg.Ucred.Gid != 0 {
if homedir, _ := st.fs.GetHomeDir(); homedir != "" {
@ -327,9 +327,11 @@ func (st *initState) handleRunShell(rs *RunShellMsg, msg *ipc.Message) error {
cmd.Env = append(cmd.Env, "HOME="+homedir)
}
}
/*
if st.profile.XServer.Enabled {
cmd.Env = append(cmd.Env, "DISPLAY=:"+strconv.Itoa(st.display))
}
*/
cmd.Env = append(cmd.Env, "PATH=/usr/bin:/bin")
cmd.Env = append(cmd.Env, fmt.Sprintf("PS1=[%s] $ ", st.profile.Name))
st.log.Info("Executing shell...")

Loading…
Cancel
Save