lxc-attach: Implement --clear-env and --keep-env

doc/lxc-attach.sgml.in

@@ -54,6 +54,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
       <arg choice="opt">-e</arg>
       <arg choice="opt">-s <replaceable>namespaces</replaceable></arg>
       <arg choice="opt">-R</arg>
+      <arg choice="opt">--keep-env</arg>
+      <arg choice="opt">--clear-env</arg>
       <arg choice="opt">-- <replaceable>command</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -173,6 +175,37 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>
+	  <option>--keep-env</option>
+	</term>
+	<listitem>
+	  <para>
+	    Keep the current environment for attached programs. This is
+	    the current default behaviour (as of version 0.9), but is
+	    is likely to change in the future, since this may leak
+	    undesirable information into the container. If you rely on
+	    the environment being available for the attached program,
+	    please use this option to be future-proof. In addition to
+	    current environment variables, container=lxc will be set.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term>
+	  <option>--clear-env</option>
+	</term>
+	<listitem>
+	  <para>
+	    Clear the environment before attaching, so no undesired
+	    environment variables leak into the container. The variable
+	    container=lxc will be the only environment with which the
+	    attached program starts.
+	  </para>
+	</listitem>
+      </varlistentry>
+
      </variablelist>
 
   </refsect1>

src/lxc/attach.c

@@ -277,11 +277,26 @@ int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
 	return 0;
 }
 
-int lxc_attach_set_environment()
+int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep)
 {
-	if (clearenv()) {
-		SYSERROR("failed to clear environment");
-		/* don't error out though */
+	/* TODO: implement extra_env, extra_keep
+	 * Rationale:
+	 *  - extra_env is an array of strings of the form
+	 *    "VAR=VALUE", which are to be set (after clearing or not,
+	 *    depending on the value of the policy variable)
+	 *  - extra_keep is an array of strings of the form
+	 *    "VAR", which are extra environment variables to be kept
+	 *    around after clearing (if that is done, otherwise, the
+	 *    remain anyway)
+	 */
+	(void) extra_env;
+	(void) extra_keep;
+
+	if (policy == LXC_ATTACH_CLEAR_ENV) {
+		if (clearenv()) {
+			SYSERROR("failed to clear environment");
+			/* don't error out though */
+		}
 	}
 
 	if (putenv("container=lxc")) {

src/lxc/attach.h

@@ -34,10 +34,15 @@ struct lxc_proc_context_info {
 
 extern struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid);
 
+typedef enum lxc_attach_env_policy_t {
+	LXC_ATTACH_KEEP_ENV,
+	LXC_ATTACH_CLEAR_ENV
+} lxc_attach_env_policy_t;
+
 extern int lxc_attach_to_ns(pid_t other_pid, int which);
 extern int lxc_attach_remount_sys_proc();
 extern int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx);
-extern int lxc_attach_set_environment();
+extern int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep);
 
 extern char *lxc_attach_getpwshell(uid_t uid);
 

src/lxc/lxc_attach.c

@@ -55,6 +55,9 @@ static const struct option my_longopts[] = {
 	{"arch", required_argument, 0, 'a'},
 	{"namespaces", required_argument, 0, 's'},
 	{"remount-sys-proc", no_argument, 0, 'R'},
+	/* TODO: decide upon short option names */
+	{"clear-env", no_argument, 0, 500},
+	{"keep-env", no_argument, 0, 501},
 	LXC_COMMON_OPTIONS
 };
 
@@ -62,6 +65,7 @@ static int elevated_privileges = 0;
 static signed long new_personality = -1;
 static int namespace_flags = -1;
 static int remount_sys_proc = 0;
+static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
 
 static int my_parser(struct lxc_arguments* args, int c, char* arg)
 {
@@ -85,6 +89,12 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
 		/* -s implies -e */
 		elevated_privileges = 1;
 		break;
+        case 500: /* clear-env */
+                env_policy = LXC_ATTACH_CLEAR_ENV;
+                break;
+        case 501: /* keep-env */
+                env_policy = LXC_ATTACH_KEEP_ENV;
+                break;
 	}
 
 	return 0;
@@ -116,7 +126,15 @@ Options :\n\
                     Remount /sys and /proc if not attaching to the\n\
                     mount namespace when using -s in order to properly\n\
                     reflect the correct namespace context. See the\n\
-                    lxc-attach(1) manual page for details.\n",
+                    lxc-attach(1) manual page for details.\n\
+      --clear-env\n\
+                    Clear all environment variables before attaching.\n\
+                    The attached shell/program will start with only\n\
+                    container=lxc set.\n\
+      --keep-env\n\
+                    Keep all current enivornment variables. This\n\
+                    is the current default behaviour, but is likely to\n\
+                    change in the future.\n",
 	.options  = my_longopts,
 	.parser   = my_parser,
 	.checker  = NULL,
@@ -411,7 +429,7 @@ int main(int argc, char *argv[])
 			return -1;
 		}
 
-		if (lxc_attach_set_environment()) {
+		if (lxc_attach_set_environment(env_policy, NULL, NULL)) {
 			ERROR("could not set environment");
 			return -1;
 		}