Bug 1782408

Summary: [RFE] podman exec support for --env-file
Product: Red Hat Enterprise Linux 8 Reporter: Alex Schultz <aschultz>
Component: podmanAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: bbaude, dwalsh, jligon, jnovy, johfulto, kanderso, lsm5, mheon, tsweeney, ypu
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: podman-1.9.3 and newer Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-21 15:31:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alex Schultz 2019-12-11 15:04:11 UTC 
Description of problem:

podman exec currently only supports --env which could leak environment variables via ps and results in very long command lines if there are a bunch of vars. It would be beneficial for exec to support --env-file as well.


Version-Release number of selected component (if applicable):
any

How reproducible:
every time

Steps to Reproduce:
1.
[user@myhost ~]$ sudo podman exec --env VARI=foo -it -u root mysql /bin/bash
()[root@myhost /]#

2.
[user@myhost ~]$ ps aux | grep VARI
root      504494  0.0  0.0 241172  4600 pts/2    S+   15:00   0:00 sudo podman exec --env VARI=foo -it -u root mysql /bin/bash
root      504496  0.4  0.2 701452 42108 pts/2    Sl+  15:00   0:00 podman exec --env VARI=foo -it -u root mysql /bin/bash
centos    504613  0.0  0.0 112708   980 pts/4    S+   15:00   0:00 grep --color=auto VARI


Actual results:

--env shows up in cmd line

Expected results:

--env-file could be used to reduce the cmd line length (if lots of vars) and if there are sensitive variables.


Additional info:
Comment 1 Daniel Walsh 2019-12-11 15:18:59 UTC 
Makes sense to me.  Could you open an Issue on github for this.  Should be a fairly easy thing to add.
Comment 2 Brent Baude 2019-12-11 15:22:32 UTC 
upstream pr -> https://github.com/containers/libpod/pull/4677
Comment 3 Tom Sweeney 2019-12-11 20:36:29 UTC 
Moving to Post and assigning to Jindrich as the PR in comment 2 has merged with the fix.
Comment 4 Jindrich Novy 2019-12-11 20:53:25 UTC 
That PR is already a part of podman 1.6.4.
Comment 19 Joy Pu 2020-06-16 09:29:53 UTC 
Test with podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64 and the env-file works, so set this to verified. Details:
# podman  run -d --name test busybox top
6450cad3a1f5200c60d3513f2085263344098502629756f9d953fb883fe095e2
#  podman exec --env-file envtest  -it test /bin/sh
/ # echo $a $b
hello world
/ # exit
# cat envtest 
a=hello
b=world
Comment 21 errata-xmlrpc 2020-07-21 15:31:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3053