Don't leak NS_* environment variables into the container. - mrrl-containers

commit e4d211a05bf989356b7698bb74ac8adfc311e7a1
parent 84bccae950d1e8c76f85b799de128f42a067b4bb
Author: Jan Pobříslo <ccx@te2000.cz>
Date:   Thu, 11 Feb 2021 17:05:58 +0000

Don't leak NS_* environment variables into the container.
Diffstat:
M sbin/ns_run  | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sbin/ns_run b/sbin/ns_run
@@ -123,12 +123,14 @@ if {
 	importas -i NS_EXTRA NS_EXTRA
 	execlineb -c $NS_EXTRA
 }
+unexport NS_EXTRA
 
 if {
 	if -t { s6-test -v NS_FSTAB }
 	importas -i NS_FSTAB NS_FSTAB
 	mount -a --fstab $NS_FSTAB
 }
+unexport NS_FSTAB
 
 # now we can make /dev immutable
 if { mount -o remount,ro dev }
@@ -137,5 +139,5 @@ if { mount -o remount,ro dev }
 # * does pivot_root to change rootdir
 # * umounts all undesired filesystems
 # * execs into $@
-importas -i NS_FINAL_SCRIPT NS_FINAL_SCRIPT
+importas -i -u NS_FINAL_SCRIPT NS_FINAL_SCRIPT
 execlineb -c $NS_FINAL_SCRIPT

	mrrl-containers MRRL version of container scripts
	git clone https://ccx.te2000.cz/git/mrrl-containers
	Log \| Files \| Refs