From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EAN09-0002gG-97 for garchives@archives.gentoo.org; Wed, 31 Aug 2005 07:27:17 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7V7ONqt008004; Wed, 31 Aug 2005 07:24:23 GMT Received: from ctb-mesg1.saix.net (ctb-mesg1.saix.net [196.25.240.81]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7V7LrvW017514 for ; Wed, 31 Aug 2005 07:21:53 GMT Received: from gateway.lan (wblv-146-203-172.telkomadsl.co.za [165.146.203.172]) by ctb-mesg1.saix.net (Postfix) with ESMTP id D70A85B1B for ; Wed, 31 Aug 2005 09:24:03 +0200 (SAST) Received: from localhost (localhost.localdomain [127.0.0.1]) by gateway.lan (Postfix) with ESMTP id 4BD8D3A2482 for ; Wed, 31 Aug 2005 08:57:37 +0200 (SAST) Received: from gateway.lan ([127.0.0.1]) by localhost (gateway.lan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29755-03 for ; Wed, 31 Aug 2005 08:57:26 +0200 (SAST) Received: from lycan.lan (lycan.lan [192.168.0.5]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by gateway.lan (Postfix) with ESMTP id 73DF53A23CC for ; Wed, 31 Aug 2005 08:57:26 +0200 (SAST) Subject: Re: [gentoo-dev] Re: init.d-scripts don't see stuff from /etc/profile.env From: Martin Schlemmer To: gentoo-dev@lists.gentoo.org In-Reply-To: <200508302221.22868.vapier@gentoo.org> References: <200508302157.52550.vapier@gentoo.org> <1125454523.7443.28.camel@lycan.lan> <200508302221.22868.vapier@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-aL1nc/1FRFD+QXc4naio" Organization: Gentoo Foundation Date: Wed, 31 Aug 2005 09:25:29 +0200 Message-Id: <1125473129.7443.35.camel@lycan.lan> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.3.8 X-Virus-Scanned: by amavisd-new using ClamAV at nosferatu.za.org X-Archives-Salt: ae52d60c-56bf-4ecf-a333-e17aef63baa1 X-Archives-Hash: 4b4e090553072a0aa37cd6a9bfdb9596 --=-aL1nc/1FRFD+QXc4naio Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, 2005-08-30 at 22:21 -0400, Mike Frysinger wrote: > On Tuesday 30 August 2005 10:15 pm, Martin Schlemmer wrote: > > On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote: > > > On Tuesday 30 August 2005 09:41 pm, Sven K=C3=B6hler wrote: > > > > > init.d scripts should have a pure env given to them ... which mea= ns, > > > > > they should be run with `env -i` and have only whitelisted variab= les > > > > > given to them (and everything that appears in /etc/conf.d/$servic= e > > > > > /etc/conf.d/rc and /etc/rc.conf) ... > > > > > > > > Now that may be too few variables. At least the variable LANG (or > > > > whatever the system-admin may chose to set) could be seen as a > > > > system-wide language-setting. It could be intentional, that at leas= t > > > > some variables are available to the started server-processes. > > > > Especially a system-wide language-setting would be a good idea. > > > > > > that is the point of the whitelist idea ... we gather a 'full > > > env' (source /etc/profile i guess) and rip out just the whitelisted > > > variables to pass on to init scripts > > > > Although I agree, my personal opinion is that its going to be a major > > PITA to maintain, and slow things down. >=20 > with the first run, we cache the 'scrubbed' env, and then just use that i= n the=20 > future ? >=20 We both know when somebody finally notice that, they will bitch because the environment is not updated :) Damn, did I just point that out ? 8) > > Also, not only runscript.sh=20 > > will have to be 'whitelisted', but also /sbin/rc, which will mean that > > we now have to wrap two things. I guess a solution could have been to > > use /sbin/runscript (the C thing) for both (should work fine > > as /sbin/rc's interpreter as well), as that would buy some speed and > > kill one bash fork, but the problem comes in when we start with a > > vanilla environment that do not have /etc/profile sourced. >=20 > mmm unification is good :) I did not argue .. was just wondering how much gain (tears?) it will bring us :) --=20 Martin Schlemmer --=-aL1nc/1FRFD+QXc4naio Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQBDFVtpqburzKaJYLYRAnY4AKCH0DEfJvBNeSfKl2rR2XQJtXRvyACaA63m 7RAHCmxs3BXzbRgXO3giqCA= =D6Xb -----END PGP SIGNATURE----- --=-aL1nc/1FRFD+QXc4naio-- -- gentoo-dev@gentoo.org mailing list