summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--runsc/boot/loader.go11
-rw-r--r--runsc/cmd/exec.go29
-rw-r--r--runsc/specutils/specutils.go25
3 files changed, 37 insertions, 28 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index f41d6c665..d7afd3dc1 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -440,6 +440,10 @@ func createProcessArgs(id string, spec *specs.Spec, creds *auth.Credentials, k *
if err != nil {
return kernel.CreateProcessArgs{}, fmt.Errorf("creating limits: %v", err)
}
+ env, err := specutils.ResolveEnvs(spec.Process.Env)
+ if err != nil {
+ return kernel.CreateProcessArgs{}, fmt.Errorf("resolving env: %w", err)
+ }
wd := spec.Process.Cwd
if wd == "" {
@@ -449,7 +453,7 @@ func createProcessArgs(id string, spec *specs.Spec, creds *auth.Credentials, k *
// Create the process arguments.
procArgs := kernel.CreateProcessArgs{
Argv: spec.Process.Args,
- Envv: spec.Process.Env,
+ Envv: env,
WorkingDirectory: wd,
Credentials: creds,
Umask: 0022,
@@ -933,6 +937,11 @@ func (l *Loader) executeAsync(args *control.ExecArgs) (kernel.ThreadID, error) {
}
}
+ args.Envv, err = specutils.ResolveEnvs(args.Envv)
+ if err != nil {
+ return 0, fmt.Errorf("resolving env: %w", err)
+ }
+
// Add the HOME environment variable if it is not already set.
if kernel.VFS2Enabled {
root := args.MountNamespaceVFS2.Root()
diff --git a/runsc/cmd/exec.go b/runsc/cmd/exec.go
index 8558d34ae..e9726401a 100644
--- a/runsc/cmd/exec.go
+++ b/runsc/cmd/exec.go
@@ -118,14 +118,14 @@ func (ex *Exec) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
}
log.Debugf("Exec arguments: %+v", e)
- log.Debugf("Exec capablities: %+v", e.Capabilities)
+ log.Debugf("Exec capabilities: %+v", e.Capabilities)
// Replace empty settings with defaults from container.
if e.WorkingDirectory == "" {
e.WorkingDirectory = c.Spec.Process.Cwd
}
if e.Envv == nil {
- e.Envv, err = resolveEnvs(c.Spec.Process.Env, ex.env)
+ e.Envv, err = specutils.ResolveEnvs(c.Spec.Process.Env, ex.env)
if err != nil {
Fatalf("getting environment variables: %v", err)
}
@@ -382,31 +382,6 @@ func argsFromProcess(p *specs.Process, enableRaw bool) (*control.ExecArgs, error
}, nil
}
-// resolveEnvs transforms lists of environment variables into a single list of
-// environment variables. If a variable is defined multiple times, the last
-// value is used.
-func resolveEnvs(envs ...[]string) ([]string, error) {
- // First create a map of variable names to values. This removes any
- // duplicates.
- envMap := make(map[string]string)
- for _, env := range envs {
- for _, str := range env {
- parts := strings.SplitN(str, "=", 2)
- if len(parts) != 2 {
- return nil, fmt.Errorf("invalid variable: %s", str)
- }
- envMap[parts[0]] = parts[1]
- }
- }
- // Reassemble envMap into a list of environment variables of the form
- // NAME=VALUE.
- env := make([]string, 0, len(envMap))
- for k, v := range envMap {
- env = append(env, fmt.Sprintf("%s=%s", k, v))
- }
- return env, nil
-}
-
// capabilities takes a list of capabilities as strings and returns an
// auth.TaskCapabilities struct with those capabilities in every capability set.
// This mimics runc's behavior.
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index fdbba1832..ea55bbc7d 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -493,6 +493,31 @@ func EnvVar(env []string, name string) (string, bool) {
return "", false
}
+// ResolveEnvs transforms lists of environment variables into a single list of
+// environment variables. If a variable is defined multiple times, the last
+// value is used.
+func ResolveEnvs(envs ...[]string) ([]string, error) {
+ // First create a map of variable names to values. This removes any
+ // duplicates.
+ envMap := make(map[string]string)
+ for _, env := range envs {
+ for _, str := range env {
+ parts := strings.SplitN(str, "=", 2)
+ if len(parts) != 2 {
+ return nil, fmt.Errorf("invalid variable: %s", str)
+ }
+ envMap[parts[0]] = parts[1]
+ }
+ }
+ // Reassemble envMap into a list of environment variables of the form
+ // NAME=VALUE.
+ env := make([]string, 0, len(envMap))
+ for k, v := range envMap {
+ env = append(env, fmt.Sprintf("%s=%s", k, v))
+ }
+ return env, nil
+}
+
// FaqErrorMsg returns an error message pointing to the FAQ.
func FaqErrorMsg(anchor, msg string) string {
return fmt.Sprintf("%s; see https://gvisor.dev/faq#%s for more details", msg, anchor)