From 5b403fe06c5bf70d85e25deb377306891fa4142b Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Mon, 2 Jun 2014 15:03:49 +0200
Subject: [PATCH 1/3] Don't write HOME env variable
Loading HOME variable breaks multi-user container (i.e. logging as postgres user) if you try to load variables via `/etc/container_environment.sh`.
---
 image/my_init | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/image/my_init b/image/my_init
index 4a97f8e..0c55ee0 100755
--- a/image/my_init
+++ b/image/my_init
@@ -73,6 +73,8 @@ def import_envvars(clear_existing_environment = True, override_existing_environm
 def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
+ if name == 'HOME':
+ break
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
 f.write(value)
From 18a7fe26ec13235db66e37e9c0f3ca24bc0116ed Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Wed, 18 Jun 2014 17:29:02 +0200
Subject: [PATCH 2/3] Add USER, GROUP, UID, GID and SHELL to restricted env variables
---
 image/my_init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/image/my_init b/image/my_init
index 0c55ee0..c647386 100755
--- a/image/my_init
+++ b/image/my_init
@@ -73,7 +73,7 @@ def import_envvars(clear_existing_environment = True, override_existing_environm
 def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
- if name == 'HOME':
+ if name in ['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL']:
 break
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
From 2beb0e253ea4bf147eb8c89c4bfbfe02233109ab Mon Sep 17 00:00:00 2001
From: Bernard Potocki
Date: Fri, 20 Jun 2014 12:38:17 +0200
Subject: [PATCH 3/3] Change break to continue
---
 image/my_init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/image/my_init b/image/my_init
index c647386..eeb24e9 100755
--- a/image/my_init
+++ b/image/my_init
@@ -74,7 +74,7 @@ def export_envvars(to_dir = True):
 shell_dump = ""
 for name, value in os.environ.items():
 if name in ['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL']:
- break
+ continue
 if to_dir:
 with open("/etc/container_environment/" + name, "w") as f:
 f.write(value)
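Review bot: The skip list on the `if name in ['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL']:` line is an unexplained inline literal, and it may be incomplete: other per-login variables such as `LOGNAME` or `PWD` would, if they are set in the init process's environment, still be dumped and override the values of whoever later loads the dump, which is the failure patch 1/3 describes for `HOME`. I would name the set once at module level together with its reason, e.g. `PER_USER_ENVVARS = frozenset(['HOME', 'USER', 'GROUP', 'UID', 'GID', 'SHELL'])  # per-login values; must not leak into other users' sessions`, and test `if name in PER_USER_ENVVARS:`. Because the series targets multi-user containers, note also that `open("/etc/container_environment/" + name, "w")` sets no explicit mode, so who can read the dumped values (which may include secrets passed to the container) depends on the umask and directory permissions, neither of which is visible here. The body of `export_envvars` continues past the end of the hunk.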