Sanitize environment variables in chroot
Context
Currently, buildbox-run-userchroot will not clear the environment variables inside the chroot. This means that environment variables from the host system will leak into the chroot. This is problematic since it might allow actions to access sensitive information outside the chroot. Moreover, modifying the host's environment variables might pollute the action cache of buildgrid.
Task Description
Describe the steps to take / implementation plan. If it's a bug, do you know how it may be tackled?
- buildbox-run-userchroot should sanitize the environment variables within the chroot. It should also set other important environment variables, like `$PATH`, `$USER`, and `$HOME`. There are a few ways to accomplish this:
  1. Clear the environment variables in the CommandFile, and source `/etc/host`
  2. Clear the environment variables before invoking userchroot, and source `/etc/host`
  3. Construct a new `ExecuteAndStore` which will only include some environment variables in the chroot

Options 1 and 2 might not be very portable, since not all chroots have an `/etc/host`, while option 3 can still pollute the action cache.
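The following is an added example, not buildbox code, showing the behaviour the options above are meant to achieve: the inherited host environment is discarded entirely and only a fixed allow-list (`PATH`, `HOME`, `USER`) is set before the action's command runs. It assumes the command is run directly rather than through userchroot so it can be tried outside a chroot, and the values chosen for the three variables are placeholders for whatever the chroot image actually needs.

```shell
#!/bin/sh
# Added example, not buildbox code: run a command with the host environment
# cleared and only an allow-listed, fixed set of variables set.
# Assumptions: the command is run directly instead of through userchroot;
# the PATH/HOME/USER values are placeholders for the chroot's real ones.

SANITIZED_PATH=/usr/local/bin:/usr/bin:/bin
SANITIZED_HOME=/root
SANITIZED_USER=root

# Run "$@" with an empty environment plus the fixed allow-list.
# `env -i` discards every inherited variable, so nothing host-specific
# (credentials, locale, host paths) reaches the action, and the resulting
# environment is identical on every host, which keeps the action-cache
# key stable instead of varying with the caller's shell environment.
run_sanitized() {
    env -i \
        PATH="$SANITIZED_PATH" \
        HOME="$SANITIZED_HOME" \
        USER="$SANITIZED_USER" \
        "$@"
}

# Value of variable $1 as seen by a child started through run_sanitized;
# prints nothing if the variable is unset there.
child_var() {
    run_sanitized sh -c "printf '%s' \"\${$1-}\""
}

# Complete, sorted environment the action would see.
sanitized_env_listing() {
    run_sanitized env | sort
}

# Demonstration when run directly: a constructed host-only variable must
# not be visible inside, while the allow-listed ones take the fixed values.
export HOST_SECRET=hunter2                                       # constructed
printf 'HOST_SECRET inside: [%s]\n' "$(child_var HOST_SECRET)"   # []
printf 'HOME inside: [%s]\n' "$(child_var HOME)"                 # [/root]
sanitized_env_listing
```

Clearing with `env -i` and re-adding an explicit allow-list is the same idea as option 3 (only some variables make it into the chroot); the difference from options 1 and 2 is that nothing inside the chroot needs to be sourced, so it does not depend on the image shipping a particular profile file. The values passed in must themselves be fixed, not copied from the host, or the cache-pollution problem returns through the allow-listed variables.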
Acceptance Criteria
Environment variables should not leak into the chroot.
Consider whether the following are required, and complete if so:
- Unit tests
- Documentation update(s)