authorJoey Hess2015-05-27 21:11:36 -0400
committerJoey Hess2015-05-27 21:11:36 -0400
commit9ce43e55f8db84ac1111ad29f0c134814f805fed (patch)
treef94c6ba350e2a07c5aeeabe17e0a60f6f9896038 /src/Propellor
parent672a783d3a2804ceeb6f179f37042eba5248f4c1 (diff)
Improve enter-machine scripts for nspawn containers to unset most environment variables.
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/Systemd.hs20
1 files changed, 12 insertions, 8 deletions
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 78a99963..b19c08bc 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -215,15 +215,19 @@ enterScript c@(Container name _ _) = setup <!> teardown
where
setup = combineProperties ("generated " ++ enterScriptFile c)
[ scriptfile `File.hasContent`
- [ "#!/bin/sh"
+ [ "#!/usr/bin/perl"
, "# Generated by propellor"
- , "pid=\"$(machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2)\" || true"
- , "if [ -n \"$pid\" ]; then"
- , "\tnsenter -p -u -n -i -m -t \"$pid\" \"$@\""
- , "else"
- , "\techo container not running >&2"
- , "\texit 1"
- , "fi"
+ , "my $pid=`machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2`;"
+ , "chomp $pid;"
+ , "if (length $pid) {"
+ , "\tforeach my $var (keys %ENV) {"
+ , "\t\tdelete $var unless $var eq 'PATH' || $var eq 'TERM';"
+ , "\t}"
+ , "\texec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV);"
+ , "} else {"
+ , "\tdie 'container not running';"
+ , "}"
+ , "exit(1);"
]
, scriptfile `File.mode` combineModes (readModes ++ executeModes)
]
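Review bot: The added line `delete $var unless $var eq 'PATH' || $var eq 'TERM';` is not valid Perl, because `delete` needs a hash or array element, so the generated script stops with a compile error before it reaches `exec` and the environment scrubbing is never applied. The line should read `, "\t\tdelete $ENV{$var} unless $var eq 'PATH' || $var eq 'TERM';"`. The backtick call also runs before the scrub, and `$pid` goes to `nsenter` unchecked, so a guard such as `die 'container not running' unless $pid =~ /\A\d+\z/;` in place of the `length` test would reject unexpected `machinectl` output explicitly. `PATH` is inherited from the caller and is used to resolve `machinectl`, `cut` and `nsenter`; if the script can be invoked from a less trusted environment, setting a fixed `PATH` would be safer. The body of `enterScript` continues outside this hunk (`teardown` is not visible), so this covers only the `setup` part.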