Skip to content
This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

012 backports #590

Merged
merged 2 commits into from
Jan 24, 2024
Merged

012 backports #590

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f951494
isolation: Only drop a few strategic environment variables
cgwalters Jan 17, 2024
b88ec5c
lib: Fix omitted lifetime in associated consts
cgwalters Jan 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions lib/src/container/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,11 +113,11 @@ impl TryFrom<&str> for Transport {
}

impl Transport {
const OCI_STR: &str = "oci";
const OCI_ARCHIVE_STR: &str = "oci-archive";
const CONTAINERS_STORAGE_STR: &str = "containers-storage";
const LOCAL_DIRECTORY_STR: &str = "dir";
const REGISTRY_STR: &str = "registry";
const OCI_STR: &'static str = "oci";
const OCI_ARCHIVE_STR: &'static str = "oci-archive";
const CONTAINERS_STORAGE_STR: &'static str = "containers-storage";
const LOCAL_DIRECTORY_STR: &'static str = "dir";
const REGISTRY_STR: &'static str = "registry";

/// Retrieve an identifier that can then be re-parsed from [`Transport::try_from::<&str>`].
pub fn serializable_name(&self) -> &'static str {
Expand Down
6 changes: 3 additions & 3 deletions lib/src/container/store.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -465,9 +465,9 @@ fn timestamp_of_manifest_or_config(

impl ImageImporter {
/// The metadata key used in ostree commit metadata to serialize
const CACHED_KEY_MANIFEST_DIGEST: &str = "ostree-ext.cached.manifest-digest";
const CACHED_KEY_MANIFEST: &str = "ostree-ext.cached.manifest";
const CACHED_KEY_CONFIG: &str = "ostree-ext.cached.config";
const CACHED_KEY_MANIFEST_DIGEST: &'static str = "ostree-ext.cached.manifest-digest";
const CACHED_KEY_MANIFEST: &'static str = "ostree-ext.cached.manifest";
const CACHED_KEY_CONFIG: &'static str = "ostree-ext.cached.config";

/// Create a new importer.
#[context("Creating importer")]
Expand Down
6 changes: 5 additions & 1 deletion lib/src/isolation.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,14 @@ pub(crate) fn unprivileged_subprocess(binary: &str, user: &str) -> Command {
return Command::new(binary);
}
let mut cmd = Command::new("setpriv");
// Clear some strategic environment variables that may cause the containers/image stack
// to look in the wrong places for things.
cmd.env_remove("HOME");
cmd.env_remove("XDG_DATA_DIR");
cmd.env_remove("USER");
cmd.args([
"--no-new-privs",
"--init-groups",
"--reset-env",
"--reuid",
user,
"--bounding-set",
Expand Down
Loading