diff options
-rw-r--r-- | runsc/boot/loader.go | 11 | ||||
-rw-r--r-- | runsc/cmd/exec.go | 29 | ||||
-rw-r--r-- | runsc/specutils/specutils.go | 25 |
3 files changed, 37 insertions, 28 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index f41d6c665..d7afd3dc1 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -440,6 +440,10 @@ func createProcessArgs(id string, spec *specs.Spec, creds *auth.Credentials, k * if err != nil { return kernel.CreateProcessArgs{}, fmt.Errorf("creating limits: %v", err) } + env, err := specutils.ResolveEnvs(spec.Process.Env) + if err != nil { + return kernel.CreateProcessArgs{}, fmt.Errorf("resolving env: %w", err) + } wd := spec.Process.Cwd if wd == "" { @@ -449,7 +453,7 @@ func createProcessArgs(id string, spec *specs.Spec, creds *auth.Credentials, k * // Create the process arguments. procArgs := kernel.CreateProcessArgs{ Argv: spec.Process.Args, - Envv: spec.Process.Env, + Envv: env, WorkingDirectory: wd, Credentials: creds, Umask: 0022, @@ -933,6 +937,11 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) { } } + args.Envv, err = specutils.ResolveEnvs(args.Envv) + if err != nil { + return 0, fmt.Errorf("resolving env: %w", err) + } + // Add the HOME environment variable if it is not already set. if kernel.VFS2Enabled { root := args.MountNamespaceVFS2.Root() diff --git a/runsc/cmd/exec.go b/runsc/cmd/exec.go index 8558d34ae..e9726401a 100644 --- a/runsc/cmd/exec.go +++ b/runsc/cmd/exec.go @@ -118,14 +118,14 @@ func (ex *Exec) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) } log.Debugf("Exec arguments: %+v", e) - log.Debugf("Exec capablities: %+v", e.Capabilities) + log.Debugf("Exec capabilities: %+v", e.Capabilities) // Replace empty settings with defaults from container. if e.WorkingDirectory == "" { e.WorkingDirectory = c.Spec.Process.Cwd } if e.Envv == nil { - e.Envv, err = resolveEnvs(c.Spec.Process.Env, ex.env) + e.Envv, err = specutils.ResolveEnvs(c.Spec.Process.Env, ex.env) if err != nil { Fatalf("getting environment variables: %v", err) } @@ -382,31 +382,6 @@ func argsFromProcess(p *specs.Process, enableRaw bool) (*control.ExecArgs, error }, nil } -// resolveEnvs transforms lists of environment variables into a single list of -// environment variables. If a variable is defined multiple times, the last -// value is used. -func resolveEnvs(envs ...[]string) ([]string, error) { - // First create a map of variable names to values. This removes any - // duplicates. - envMap := make(map[string]string) - for _, env := range envs { - for _, str := range env { - parts := strings.SplitN(str, "=", 2) - if len(parts) != 2 { - return nil, fmt.Errorf("invalid variable: %s", str) - } - envMap[parts[0]] = parts[1] - } - } - // Reassemble envMap into a list of environment variables of the form - // NAME=VALUE. - env := make([]string, 0, len(envMap)) - for k, v := range envMap { - env = append(env, fmt.Sprintf("%s=%s", k, v)) - } - return env, nil -} - // capabilities takes a list of capabilities as strings and returns an // auth.TaskCapabilities struct with those capabilities in every capability set. // This mimics runc's behavior. diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go index fdbba1832..ea55bbc7d 100644 --- a/runsc/specutils/specutils.go +++ b/runsc/specutils/specutils.go @@ -493,6 +493,31 @@ func EnvVar(env []string, name string) (string, bool) { return "", false } +// ResolveEnvs transforms lists of environment variables into a single list of +// environment variables. If a variable is defined multiple times, the last +// value is used. +func ResolveEnvs(envs ...[]string) ([]string, error) { + // First create a map of variable names to values. This removes any + // duplicates. + envMap := make(map[string]string) + for _, env := range envs { + for _, str := range env { + parts := strings.SplitN(str, "=", 2) + if len(parts) != 2 { + return nil, fmt.Errorf("invalid variable: %s", str) + } + envMap[parts[0]] = parts[1] + } + } + // Reassemble envMap into a list of environment variables of the form + // NAME=VALUE. + env := make([]string, 0, len(envMap)) + for k, v := range envMap { + env = append(env, fmt.Sprintf("%s=%s", k, v)) + } + return env, nil +} + // FaqErrorMsg returns an error message pointing to the FAQ. func FaqErrorMsg(anchor, msg string) string { return fmt.Sprintf("%s; see https://gvisor.dev/faq#%s for more details", msg, anchor) |