Bug 619533
Summary: | mock is not clearing the environment when it drops privs | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Toshio Ernie Kuratomi <a.badger> |
Component: | mock | Assignee: | Clark Williams <williams> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dcantrell, herrold, mebrown, williams |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | mock-1.1.17-1.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-10-24 23:00:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Toshio Ernie Kuratomi
2010-07-29 18:43:46 UTC
I'm looking at how we start subprocesses and how we could pass in an appropriate environment mapping based on the privilege level we have at the time of the call, but I'm not sure this is going to be an easy fix. I believe it means we have to maintain two environment mappings, one from our startup (privileged) and another which is a subset of that, with path components removed. It can be done but the potential for us missing something and causing havoc is high, so I don't want to just throw something together. Actually, looking at the environment I have as a user, I would really like to trim that down to a manageable set. Obviously we need PATH and HOME. Not sure whether we need TERM, LANG, SHELL, TMPDIR, TZ and USER. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. added the clean_env() function to py/mockbuild/util.py for use in the --shell operation. I need to make sure that I've got all the env variables actually needed but if that function looks ok, I'll add it to the main routine that runs things inside the chroot. Here's what I'm setting up in clean_env() and the return value is used to to replace os.environ: def clean_env(): env = {'TERM' : 'vt100', 'SHELL' : '/bin/bash', 'HOME' : '/builddir', 'HOSTNAME' : 'mock', 'TMPDIR' : '/tmp' } env['LANG'] = os.environ.setdefault('LANG', 'en_US.UTF-8') env['TZ'] = os.environ.setdefault('TZ', 'EST5EDT') return env ok, added the above logic to my tree and queued for mock-1.1.16 release mock-1.1.16-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mock-1.1.16-1.fc15 mock-1.0.23-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mock-1.0.23-1.el5 mock-1.1.16-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mock-1.1.16-1.fc14 mock-1.1.16-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.1.16-1.el6 Package mock-1.1.16-1.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mock-1.1.16-1.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-14382 then log in and leave karma (feedback). mock-1.1.16-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. mock-1.1.16-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. mock-1.1.17-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc15 mock-1.1.17-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc16 mock-1.1.17-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mock-1.1.17-1.fc14 mock-1.0.24-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mock-1.0.24-1.el5 mock-1.1.17-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mock-1.1.17-1.el6 mock-1.1.17-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. mock-1.1.17-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. mock-1.0.24-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. mock-1.1.17-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. mock-1.1.17-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |