Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] CMD does not use environment from jail #410

Closed
michael-o opened this issue Jun 30, 2021 · 1 comment
Closed

[BUG] CMD does not use environment from jail #410

michael-o opened this issue Jun 30, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@michael-o
Copy link
Contributor

[MANDATORY] Describe the bug [MANDATORY]
When CMD is used in a Bastillefile the environment of the launched command does not correspond to the one in the jail's login.conf. This leads to issue when the command relies on a proper environment.

[MANDATORY] Bastille and FreeBSD version (paste bastille -v && freebsd-version -kru output)
0.8.20210115
12.2-STABLE
12.2-STABLE
12.2-STABLE

[MANDATORY] How did you install bastille? (port/pkg/git)
ports

[optional] Expected behavior
Currently, it does: jexec -l <jail> <command>.... With jexec -l <jail> -U root <command>... it would set the user context after the jail has been entered in code. See here.

[optional] Additional context

I have added the following to my login.conf:

        :setenv=BLOCKSIZE=K,LSCOLORS=ExGxFxdxCxDxDxhbadExEx,CLICOLOR=YES,LESS=-x4 -RFK,\
HTTP_PROXY=http\c//de.coia.siemens.net\c9400,\
HTTPS_PROXY=http\c//de.coia.siemens.net\c9400,\
FTP_PROXY=http\c//de.coia.siemens.net\c9400,\
NO_PROXY=localhost .siemens.net .siemens.com .siemens.de,\
SSL_CA_CERT_PATH=/etc/ssl/certs,\
EDITOR=vim:\

I especially rely the proxy config as well as the SSL_CA_CERT_PATH due to a bug in libfetch. Without that CMD pkg can neither pull from a public repo, e.g., from FreeBSD, not from a repo hosted internally which requires CA certificates installed in the jail with certctl. I am not really keen to modify each command to CMD env VAR=value VAR=value pkg...

This command either needs to be changed a a new one has to be introduced to make it behave as if one has an interactive session inside the jail.
@michael-o michael-o added the bug Something isn't working label Jun 30, 2021
cedwards added a commit to cedwards/bastille that referenced this issue Jul 14, 2021
@cedwards
fix issue BastilleBSD#410 so CMD properly uses jailed env (root)
43a3373
@cedwards cedwards mentioned this issue Jul 14, 2021
Merged
cedwards added a commit that referenced this issue Jul 14, 2021
@cedwards
Merge pull request #418 from cedwards/fix-410-cmd-use-jail-env
fb74bcb 
fix issue #410 so CMD properly uses jailed env (root)
@cedwards
Copy link
Contributor

This has been fixed in merge #418 . Thank you for pointing out the issue and the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cedwards @michael-o