Move the env whitelists to an rc var and build in the system whitelist.
This commit is contained in:
Roy Marples
@@ -1,6 +0,0 @@
|
||||
# /etc/conf.d/env_whitelist: Environment whitelist for rc-system
|
||||
|
||||
# Specify which variables are allowed to be passed from the environment to the
|
||||
# rc-system. If it is not set by the environment, then the variable will be
|
||||
# taken from /etc/profile.env - meaning, if you need to set LANG or such,
|
||||
# do it in a /etc/env.d/99myownstuff file for example, and run env-update.
|
||||
@@ -52,6 +52,10 @@ rc_force_auto="NO"
|
||||
# /var/log/rc.log
|
||||
rc_logger="NO"
|
||||
|
||||
# By default we filter the environment for our running scripts. To allow other
|
||||
# variables through, add them here. Use a * to allow all variables through.
|
||||
# rc_env_allow="VAR1 VAR2"
|
||||
|
||||
##############################################################################
|
||||
# MISC CONFIGURATION VARIABLES
|
||||
# There variables are shared between many init scripts
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
# System environment whitelist for rc-system
|
||||
# See /etc/conf.d/env_whitelist for details.
|
||||
|
||||
#
|
||||
# Internal variables needed for operation of rc-system
|
||||
# NB: Do not modify below this line if you do not know what you are doing!!
|
||||
#
|
||||
|
||||
# Hotplug
|
||||
IN_HOTPLUG
|
||||
|
||||
# RC network script support
|
||||
IN_BACKGROUND
|
||||
RC_INTERFACE_KEEP_CONFIG
|
||||
|
||||
# Default shell stuff
|
||||
PATH
|
||||
SHELL
|
||||
USER
|
||||
HOME
|
||||
TERM
|
||||
|
||||
# Language variables
|
||||
LANG
|
||||
LC_CTYPE
|
||||
LC_NUMERIC
|
||||
LC_TIME
|
||||
LC_COLLATE
|
||||
LC_MONETARY
|
||||
LC_MESSAGES
|
||||
LC_PAPER
|
||||
LC_NAME
|
||||
LC_ADDRESS
|
||||
LC_TELEPHONE
|
||||
LC_MEASUREMENT
|
||||
LC_IDENTIFICATION
|
||||
LC_ALL
|
||||
|
||||
# From /sbin/init
|
||||
INIT_HALT
|
||||
INIT_VERSION
|
||||
RUNLEVEL
|
||||
PREVLEVEL
|
||||
CONSOLE
|
||||
|
||||
# Allow this through too so we can prefer stuff in /lib when shutting down
|
||||
# or going to single mode.
|
||||
LD_LIBRARY_PATH
|
||||
@@ -44,8 +44,8 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "rc.h"
|
||||
#include "rc-misc.h"
|
||||
#include "strlist.h"
|
||||
#include "../rc-misc.h"
|
||||
#include "../strlist.h"
|
||||
|
||||
#define PROFILE_ENV "/etc/profile.env"
|
||||
#define SYS_WHITELIST RC_LIBDIR "/conf.d/env_whitelist"
|
||||
@@ -113,17 +113,54 @@ char **env_filter (void)
|
||||
char *p;
|
||||
int pplen = strlen (PATH_PREFIX);
|
||||
|
||||
whitelist = rc_config_list (SYS_WHITELIST);
|
||||
if (! whitelist)
|
||||
fprintf (stderr, "system environment whitelist (" SYS_WHITELIST ") missing\n");
|
||||
/* Init a system whitelist, start with shell vars we need */
|
||||
rc_strlist_add (&whitelist, "PATH");
|
||||
rc_strlist_add (&whitelist, "SHELL");
|
||||
rc_strlist_add (&whitelist, "USER");
|
||||
rc_strlist_add (&whitelist, "HOME");
|
||||
rc_strlist_add (&whitelist, "TERM");
|
||||
|
||||
env = rc_config_list (USR_WHITELIST);
|
||||
rc_strlist_join (&whitelist, env);
|
||||
rc_strlist_free (env);
|
||||
env = NULL;
|
||||
/* Add Language vars */
|
||||
rc_strlist_add (&whitelist, "LANG");
|
||||
rc_strlist_add (&whitelist, "LC_CTYPE");
|
||||
rc_strlist_add (&whitelist, "LC_NUMERIC");
|
||||
rc_strlist_add (&whitelist, "LC_TIME");
|
||||
rc_strlist_add (&whitelist, "LC_COLLATE");
|
||||
rc_strlist_add (&whitelist, "LC_MONETARY");
|
||||
rc_strlist_add (&whitelist, "LC_MESSAGES");
|
||||
rc_strlist_add (&whitelist, "LC_PAPER");
|
||||
rc_strlist_add (&whitelist, "LC_NAME");
|
||||
rc_strlist_add (&whitelist, "LC_ADDRESS");
|
||||
rc_strlist_add (&whitelist, "LC_TELEPHONE");
|
||||
rc_strlist_add (&whitelist, "LC_MEASUREMENT");
|
||||
rc_strlist_add (&whitelist, "LC_IDENTIFICATION");
|
||||
rc_strlist_add (&whitelist, "LC_ALL");
|
||||
|
||||
if (! whitelist)
|
||||
return (NULL);
|
||||
/* Allow rc to override library path */
|
||||
rc_strlist_add (&whitelist, "LD_LIBRARY_PATH");
|
||||
|
||||
/* We need to know sysvinit stuff - we emulate this for BSD too */
|
||||
rc_strlist_add (&whitelist, "INIT_HALT");
|
||||
rc_strlist_add (&whitelist, "INIT_VERSION");
|
||||
rc_strlist_add (&whitelist, "RUNLEVEL");
|
||||
rc_strlist_add (&whitelist, "PREVLEVEL");
|
||||
rc_strlist_add (&whitelist, "CONSOLE");
|
||||
|
||||
/* Hotplug and daemon vars */
|
||||
rc_strlist_add (&whitelist, "IN_HOTPLUG");
|
||||
rc_strlist_add (&whitelist, "IN_BACKGROUND");
|
||||
rc_strlist_add (&whitelist, "RC_INTERFACE_KEEP_CONFIG");
|
||||
|
||||
/* Add the user defined list of vars */
|
||||
e = env_name = xstrdup (rc_conf_value ("rc_env_allow"));
|
||||
while ((token = strsep (&e, " "))) {
|
||||
if (token[0] == '*') {
|
||||
free (env_name);
|
||||
return (NULL);
|
||||
}
|
||||
rc_strlist_add (&whitelist, token);
|
||||
}
|
||||
free (env_name);
|
||||
|
||||
if (exists (PROFILE_ENV))
|
||||
profile = rc_config_load (PROFILE_ENV);
|
||||
|
||||
Reference in New Issue
Block a user