From f43b9f57d49a51f037f440613e2be4725b092141 Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Mon, 2 Jun 2014 15:03:49 +0200
Subject: [PATCH 1/3] Don't write HOME env variable

Loading HOME variable breaks multi-user container (i.e. logging as postgres user) if you try to load variables via `/etc/container_environment.sh`.
---
 image/my_init | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/image/my_init b/image/my_init
index 4a97f8e78..0c55ee009 100755
--- a/image/my_init
+++ b/image/my_init
@@ -73,6 +73,8 @@ def import_envvars(clear_existing_environment = True, override_existing_environm
 def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
+ if name == 'HOME':
+ break
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
 f.write(value)
From 596992d3801b6431ff897a9e5e9725f2f212d43e Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Wed, 18 Jun 2014 17:29:02 +0200
Subject: [PATCH 2/3] Add USER, GROUP, UID, GID and SHELL to restricted env variables

---
 image/my_init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/my_init b/image/my_init
index 0c55ee009..c647386aa 100755
--- a/image/my_init
+++ b/image/my_init
@@ -73,7 +73,7 @@ def import_envvars(clear_existing_environment = True, override_existing_environm
 def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
- if name == 'HOME':
+ if name in ['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL']:
 break
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
From 723b44aee6f2b6aa9f6784c5e0f4a6081e62d473 Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Fri, 20 Jun 2014 12:38:17 +0200
Subject: [PATCH 3/3] Change break to continue

---
 image/my_init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/image/my_init b/image/my_init
index c647386aa..eeb24e9d3 100755
--- a/image/my_init
+++ b/image/my_init
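Review bot: In patch 1/3 the added `break` in export_envvars ends the whole loop at the first `HOME` entry, so every variable that os.environ yields after it is never written to /etc/container_environment/ and the export is silently truncated. Patch 3/3 of this series changes it to `continue`; squashing that fix into this commit would keep a bisect or a cherry-pick of 1/3 alone from producing a container that starts with a partial environment. A one-line comment such as `# HOME is per-user; exporting the init user's value breaks logins as other users` would also record why the name is skipped. The body of export_envvars continues outside the hunk.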
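Review bot: In patch 2/3 the new skip list in export_envvars covers `USER` but not `LOGNAME` or `PWD`, which are per-user or per-session in the same way. If the init process has them set, they are still dumped and would be picked up by another account that sources /etc/container_environment.sh. Consider `if name in ('HOME', 'USER', 'LOGNAME', 'GROUP', 'UID', 'GID', 'SHELL', 'PWD'):`, ideally with the names held in a module-level tuple so the list is built once and can carry a comment explaining the exclusion. The `break` on the following line is still the one introduced in 1/3.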
@@ -74,7 +74,7 @@ def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
 if name in ['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL']:
- break
+ continue
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
 f.write(value)
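Review bot: Everything that passes the skip list is still written verbatim to `/etc/container_environment/<name>` by `open(..., "w")`, whose file mode comes from the process umask. In the multi-user setup this series targets, credentials passed through the container environment would then be readable by every account that can read those files. No explicit mode or chmod is visible in the hunk (export_envvars continues past it, so one may be applied further down); if there is none, create the files with an explicit restrictive mode and a dedicated group rather than relying on umask. `name` is also concatenated into the path unchecked, so a variable name containing `/` would resolve outside the directory; adding `or '/' in name` to the skip condition closes that.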