buildroot: isolate environment from the host

Create a well-defined environment with and use that for the build root. It is not desirable to have the host's environment leak into the container. Add a test to ensure that this works. NB: This was probably an oversight when we switched from systemd- nspawn to bubblewrap.
2021-11-19 18:14:29 +00:00 · 2021-11-19 18:14:29 +00:00 · 0c71289067
commit 0c71289067
parent 969a523058
2 changed files with 51 additions and 3 deletions
--- a/osbuild/buildroot.py
+++ b/osbuild/buildroot.py
@ -264,9 +264,6 @@ class BuildRoot(contextlib.AbstractContextManager):
            "--chdir", "/",
            "--die-with-parent",
            "--new-session",
-            "--setenv", "PATH", "/usr/sbin:/usr/bin",
-            "--setenv", "PYTHONPATH", "/run/osbuild/lib",
-            "--setenv", "PYTHONUNBUFFERED", "1",
            "--unshare-ipc",
            "--unshare-pid",
            "--unshare-net"
@ -276,8 +273,18 @@ class BuildRoot(contextlib.AbstractContextManager):
        cmd += ["--", f"/run/osbuild/lib/runners/{self._runner}"]
        cmd += argv

+        # Setup a new environment for the container.
+        env = {
+            "LC_CTYPE": "C.UTF-8",
+            "PATH": "/usr/sbin:/usr/bin",
+            "PYTHONPATH": "/run/osbuild/lib",
+            "PYTHONUNBUFFERED": "1",
+            "TERM": os.getenv("TERM", "dumb"),
+        }
+
        proc = subprocess.Popen(cmd,
                                bufsize=0,
+                                env=env,
                                stdin=subprocess.DEVNULL,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
--- a/test/mod/test_buildroot.py
+++ b/test/mod/test_buildroot.py
@ -184,3 +184,44 @@ def test_timeout(tempdir):

        with pytest.raises(TimeoutError):
            root.run(["/bin/sleep", "1"], monitor, timeout=0.1)
+
+
+@pytest.mark.skipif(not TestBase.can_bind_mount(), reason="root only")
+def test_env_isolation(tempdir):
+    runner = detect_host_runner()
+    libdir = os.path.abspath(os.curdir)
+    var = pathlib.Path(tempdir, "var")
+    var.mkdir()
+
+    monitor = NullMonitor(sys.stderr.fileno())
+
+    ipc = pathlib.Path(tempdir, "ipc")
+    ipc.mkdir()
+
+    # Set some env variable to make sure it is not leaked into
+    # the container
+    os.environ["OSBUILD_TEST_ENV_ISOLATION"] = "42"
+
+    with BuildRoot("/", runner, libdir, var) as root:
+        cmd = ["/bin/sh", "-c", "/usr/bin/env > /ipc/env.txt"]
+        r = root.run(cmd, monitor, binds=[f"{ipc}:/ipc"])
+
+    assert r.returncode == 0
+    with open(os.path.join(ipc, "env.txt")) as f:
+        data = f.read().strip()
+    assert data
+    have = dict(map(lambda x: x.split("=", 1), data.split("\n")))
+
+    allowed = [
+        "_",      # added by `env` itself
+        "LC_CTYPE",
+        "PATH",
+        "PWD",
+        "PYTHONPATH",
+        "PYTHONUNBUFFERED",
+        "SHLVL",  # added by the shell wrapper
+        "TERM",
+    ]
+
+    for k in have:
+        assert k in allowed