From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1EAIGG-0006Kz-Kz for garchives@archives.gentoo.org; Wed, 31 Aug 2005 02:23:37 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7V2Kjoj030952; Wed, 31 Aug 2005 02:20:45 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [134.68.220.30]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7V2J3ub019508 for ; Wed, 31 Aug 2005 02:19:03 GMT Received: from localhost ([127.0.0.1] helo=home.wh0rd.org) by smtp.gentoo.org with esmtp (Exim 4.43) id 1EAIDy-00088r-If for gentoo-dev@lists.gentoo.org; Wed, 31 Aug 2005 02:21:14 +0000 Received: (qmail 14738 invoked from network); 30 Aug 2005 22:16:09 -0400 Received: from unknown (HELO vapier) (192.168.0.2) by 192.168.0.1 with SMTP; 30 Aug 2005 22:16:09 -0400 From: Mike Frysinger Organization: wh0rd.org To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: init.d-scripts don't see stuff from /etc/profile.env Date: Tue, 30 Aug 2005 22:21:22 -0400 User-Agent: KMail/1.8.2 References: <200508302157.52550.vapier@gentoo.org> <1125454523.7443.28.camel@lycan.lan> In-Reply-To: <1125454523.7443.28.camel@lycan.lan> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Message-Id: <200508302221.22868.vapier@gentoo.org> X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id j7V2J3ub019508 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by robin.gentoo.org id j7V2KjqH030952 X-Archives-Salt: dd46d2c3-0764-4618-ae3b-902547a1afa2 X-Archives-Hash: 5463cf03a21b79137bca41485ed5daf5 On Tuesday 30 August 2005 10:15 pm, Martin Schlemmer wrote: > On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote: > > On Tuesday 30 August 2005 09:41 pm, Sven K=F6hler wrote: > > > > init.d scripts should have a pure env given to them ... which mea= ns, > > > > they should be run with `env -i` and have only whitelisted variab= les > > > > given to them (and everything that appears in /etc/conf.d/$servic= e > > > > /etc/conf.d/rc and /etc/rc.conf) ... > > > > > > Now that may be too few variables. At least the variable LANG (or > > > whatever the system-admin may chose to set) could be seen as a > > > system-wide language-setting. It could be intentional, that at leas= t > > > some variables are available to the started server-processes. > > > Especially a system-wide language-setting would be a good idea. > > > > that is the point of the whitelist idea ... we gather a 'full > > env' (source /etc/profile i guess) and rip out just the whitelisted > > variables to pass on to init scripts > > Although I agree, my personal opinion is that its going to be a major > PITA to maintain, and slow things down. with the first run, we cache the 'scrubbed' env, and then just use that i= n the=20 future ? > Also, not only runscript.sh=20 > will have to be 'whitelisted', but also /sbin/rc, which will mean that > we now have to wrap two things. I guess a solution could have been to > use /sbin/runscript (the C thing) for both (should work fine > as /sbin/rc's interpreter as well), as that would buy some speed and > kill one bash fork, but the problem comes in when we start with a > vanilla environment that do not have /etc/profile sourced. mmm unification is good :) -mike --=20 gentoo-dev@gentoo.org mailing list