Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set PATH on the rock for bare bases #711

Open
tigarmo opened this issue Sep 21, 2024 · 1 comment · May be fixed by #725
Open

Set PATH on the rock for bare bases #711

tigarmo opened this issue Sep 21, 2024 · 1 comment · May be fixed by #725
Labels
enhancement New feature or request triaged

Comments

@tigarmo
Copy link
Collaborator

tigarmo commented Sep 21, 2024

What needs to get done

When packing a rock with a bare base, set the PATH environment variable.

Why it needs to get done

For security - an empty PATH will mean the implicitly addition of the current working directory.
@tigarmo tigarmo added enhancement New feature or request triaged labels Sep 21, 2024
@syncronize-issues-to-jira Syncronize issues to Jira
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/CRAFT-3437.

This message was autogenerated

tigarmo added a commit that referenced this issue Oct 4, 2024
@tigarmo
fix: set PATH on bare-based rocks
4ab7643 
This PATH setting on the image itself has no bearing on most cases, as the
PATH that prevails is the one defined by Pebble and its services. However,
an empty (or unset) PATH is a potential security issue so we set it to a
value that is known to be good at container-run-time.

Fixes #711
@tigarmo tigarmo linked a pull request Oct 4, 2024 that will close this issue
Draft
1 task
tigarmo added a commit that referenced this issue Oct 4, 2024
@tigarmo
fix: set PATH on bare-based rocks
f6cc236 
This PATH setting on the image itself has no bearing on most cases, as the
PATH that prevails is the one defined by Pebble and its services. However,
an empty (or unset) PATH is a potential security issue so we set it to a
value that is known to be good at container-run-time.

Fixes #711
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: set PATH on bare-based rocks canonical/rockcraft
1 participant
@tigarmo