};
/* *INDENT-OFF* */
+ TAILQ_INIT(&nsjconf->envs);
TAILQ_INIT(&nsjconf->pids);
TAILQ_INIT(&nsjconf->mountpts);
{{"daemon", no_argument, NULL, 'd'}, "Daemonize after start? (default: false)"},
{{"verbose", no_argument, NULL, 'v'}, "Verbose output (default: false)"},
{{"keep_env", no_argument, NULL, 'e'}, "Should all environment variables be passed to the child? (default: false)"},
+ {{"env", required_argument, NULL, 'E'}, "Environment variable (can be used multiple times)"},
{{"keep_caps", no_argument, NULL, 0x0501}, "Don't drop capabilities (DANGEROUS) (default: false)"},
{{"silent", no_argument, NULL, 0x0502}, "Redirect child's fd:0/1/2 to /dev/null (default: false)"},
{{"disable_sandbox", no_argument, NULL, 0x0503}, "Don't enable the seccomp-bpf sandboxing (default: false)"},
int opt_index = 0;
for (;;) {
- int c =
- getopt_long(argc, argv, "H:D:c:p:i:u:g:l:t:M:Ndveh?R:B:T:I:", opts, &opt_index);
+ int c = getopt_long(argc, argv, "H:D:c:p:i:u:g:l:t:M:Ndveh?E:R:B:T:I:", opts,
+ &opt_index);
if (c == -1) {
break;
}
case 0x0603:
nsjconf->mount_proc = false;
break;
+ case 'E':
+ {
+ struct charptr_t *p = util_malloc(sizeof(struct charptr_t));
+ p->val = optarg;
+ TAILQ_INSERT_TAIL(&nsjconf->envs, p, pointers);
+ }
+ break;
case 'R':
{
struct mounts_t *p = util_malloc(sizeof(struct mounts_t));
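Review bot: `p->val = optarg;` in the new `case 'E'` stores the argument without checking that it has the `NAME=value` form, and the subproc hunk later hands each entry straight to `putenv()`. On glibc, a string with no `=` makes `putenv()` remove that variable from the environment instead of setting it, so `--env FOO` would silently unset `FOO` in the child. Rejecting the option at parse time makes the behaviour explicit: add a guard such as `if (strchr(optarg, '=') == NULL || optarg[0] == '=')` before the allocation and fail with an error message there. The enclosing switch and function start and end outside this hunk.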
MODE_STANDALONE_RERUN
};
+struct charptr_t {
+ char *val;
+ TAILQ_ENTRY(charptr_t) pointers;
+};
+
struct nsjconf_t {
const char *hostname;
const char *cwd;
unsigned int max_conns_per_ip;
size_t tmpfs_size;
bool mount_proc;
+ TAILQ_HEAD(envlist, charptr_t) envs;
TAILQ_HEAD(pidslist, pids_t) pids;
TAILQ_HEAD(mountptslist, mounts_t) mountpts;
};
exit(1);
}
- char *const *env = { NULL };
- if (nsjconf->keep_env == true) {
- env = environ;
+ if (nsjconf->keep_env == false) {
+ clearenv();
+ }
+ struct charptr_t *p;
+ TAILQ_FOREACH(p, &nsjconf->envs, pointers) {
+ putenv(p->val);
}
LOG_D("Trying to execve('%s')", nsjconf->argv[0]);
for (int i = 0; nsjconf->argv[i]; i++) {
LOG_D(" Arg[%d]: '%s'", i, nsjconf->argv[i]);
}
- execve(nsjconf->argv[0], &nsjconf->argv[0], env);
+ execv(nsjconf->argv[0], &nsjconf->argv[0]);
PLOG_E("execve('%s') failed", nsjconf->argv[0]);
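Review bot: The return values of `clearenv()` and `putenv(p->val)` are both ignored, so if `clearenv()` fails the child is still exec'd with the parent's full environment even though `keep_env` is false. This is the only step that keeps host variables out of the jailed process, so a failure should stop the launch rather than continue: `if (nsjconf->keep_env == false && clearenv() != 0)` and `if (putenv(p->val) != 0)` should each log with `PLOG_E` and take the same failure path as the `exit(1)` just above. Separately, the call is now `execv()` but the `LOG_D` and `PLOG_E` messages still say `execve`, which will mislead anyone reading the logs. The enclosing function starts and ends outside this hunk.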