Merge pull request #401 from smcv/clearenv

Add --clearenv option
2026-02-05 15:45:22 +01:00 · 2021-06-23 09:29:52 -04:00
parent 80dc9b5e86 8f72ceb2c4
commit 136b3166bb
4 changed files with 26 additions and 1 deletions
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -244,6 +244,7 @@ usage (int ecode, FILE *out)
           "    --gid GID                    Custom gid in the sandbox (requires --unshare-user or --userns)\n"
           "    --hostname NAME              Custom hostname in the sandbox (requires --unshare-uts)\n"
           "    --chdir DIR                  Change directory to DIR\n"
+           "    --clearenv                   Unset all environment variables\n"
           "    --setenv VAR VALUE           Set an environment variable\n"
           "    --unsetenv VAR               Unset an environment variable\n"
           "    --lock-file DEST             Take a lock on DEST while sandbox is running\n"
@@ -2076,6 +2077,10 @@ parse_args_recurse (int          *argcp,
          argv += 1;
          argc -= 1;
        }
+      else if (strcmp (arg, "--clearenv") == 0)
+        {
+          xclearenv ();
+        }
      else if (strcmp (arg, "--setenv") == 0)
        {
          if (argc < 3)
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -80,7 +80,7 @@ if [ -z "${BWRAP_MUST_WORK-}" ] && ! $RUN true; then
    skip Seems like bwrap is not working at all. Maybe setuid is not working
 fi

-echo "1..55"
+echo "1..56"

 # Test help
 ${BWRAP} --help > help.txt
@@ -531,4 +531,16 @@ $RUN \
 assert_file_has_content file-permissions '^640$'
 echo "ok - files have expected permissions"

+FOO= BAR=baz $RUN --setenv FOO bar sh -c 'echo "$FOO$BAR"' > stdout
+assert_file_has_content stdout barbaz
+FOO=wrong BAR=baz $RUN --setenv FOO bar sh -c 'echo "$FOO$BAR"' > stdout
+assert_file_has_content stdout barbaz
+FOO=wrong BAR=baz $RUN --unsetenv FOO sh -c 'printf "%s%s" "$FOO" "$BAR"' > stdout
+printf baz > reference
+assert_files_equal stdout reference
+FOO=wrong BAR=wrong $RUN --clearenv /usr/bin/env > stdout
+echo "PWD=$(pwd -P)" > reference
+assert_files_equal stdout reference
+echo "ok - environment manipulation"
+
 echo "ok - End of test"
--- a/utils.c
+++ b/utils.c
@@ -230,6 +230,13 @@ has_prefix (const char *str,
  return strncmp (str, prefix, strlen (prefix)) == 0;
 }

+void
+xclearenv (void)
+{
+  if (clearenv () != 0)
+    die_with_error ("clearenv failed");
+}
+
 void
 xsetenv (const char *name, const char *value, int overwrite)
 {
--- a/utils.h
+++ b/utils.h
@@ -62,6 +62,7 @@ void *xrealloc (void  *ptr,
                size_t size);
 char *xstrdup (const char *str);
 void  strfreev (char **str_array);
+void  xclearenv (void);
 void  xsetenv (const char *name,
               const char *value,
               int         overwrite);