Sanitize environment variables in chroot

Context

Currently, buildbox-run-userchroot does not clear the environment variables inside the chroot, so environment variables from the host system leak into it. This is problematic because it may allow actions to read sensitive information (for example credentials held in the host environment) from outside the chroot. Moreover, a change to the host's environment variables can pollute buildgrid's action cache, since the same action may then produce different results on different hosts.

Task Description

Describe the steps to take / implementation plan. If it's a bug, do you know how it may be tackled?

  • buildbox-run-userchroot should sanitize the environment variables within the chroot. It should also set other important environment variables, such as $PATH, $USER, and $HOME. There are a few ways to accomplish this:
  1. Clear the environment variables in the CommandFile, and source /etc/host
  2. Clear the environment variables before invoking userchroot, and source /etc/host
  3. Construct a new ExecuteAndStore which will only include some environment variables in the chroot

Options 1 and 2 might not be very portable, since not all chroots have an /etc/host, while option 3 can still pollute the action cache if the set of variables it passes through is not fixed.
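As an added illustration of option 3 (this is example code written for this issue, not buildbox's own implementation), the sketch below builds the chroot environment from a fixed set of defaults plus an explicit allowlist of host variables, and passes that list to execve instead of the inherited environment. The default values for PATH, HOME and USER, the allowlist, and the constructed host environment containing a fake secret are all assumptions for the example; the point is that anything not on the allowlist, such as a credential from the host, never reaches the chrooted process, and that the resulting environment is deterministic.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>
#include <unistd.h>

extern char** environ;

// Fixed values every action sees regardless of the host's environment.
// These defaults are assumptions for this example, not buildbox's choices.
static const std::map<std::string, std::string> kDefaultEnv = {
    {"PATH", "/usr/local/bin:/usr/bin:/bin"},
    {"HOME", "/"},
    {"USER", "nobody"},
};

// Snapshot of the current process environment as "NAME=VALUE" strings.
std::vector<std::string> currentEnvironment() {
    std::vector<std::string> entries;
    for (char** e = environ; e != nullptr && *e != nullptr; ++e) {
        entries.emplace_back(*e);
    }
    return entries;
}

// Split one "NAME=VALUE" entry at the first '='. Entries with no '=' or an
// empty name are malformed and are dropped rather than passed through.
static bool splitEnvEntry(const std::string& entry, std::string& name,
                          std::string& value) {
    const std::string::size_type eq = entry.find('=');
    if (eq == std::string::npos || eq == 0) return false;
    name = entry.substr(0, eq);
    value = entry.substr(eq + 1);
    return true;
}

// Build the environment the chrooted process will see: the fixed defaults plus
// only those host variables whose names appear on the allowlist. Everything
// else from the host (tokens, proxy settings, credentials) is discarded.
std::map<std::string, std::string> sanitizeEnvironment(
    const std::vector<std::string>& hostEnv,
    const std::set<std::string>& allowlist) {
    std::map<std::string, std::string> result = kDefaultEnv;
    for (const std::string& entry : hostEnv) {
        std::string name, value;
        if (!splitEnvEntry(entry, name, value)) continue;
        if (allowlist.count(name) == 0) continue;
        result[name] = value;
    }
    return result;
}

// Flatten to "NAME=VALUE" strings. std::map iterates in sorted order, so the
// same inputs always produce the same list, which keeps cache keys stable.
std::vector<std::string> toEnvEntries(
    const std::map<std::string, std::string>& env) {
    std::vector<std::string> out;
    for (const auto& kv : env) out.push_back(kv.first + "=" + kv.second);
    return out;
}

// Replace the current process image using the sanitized environment rather
// than the inherited one. Like execve, this only returns on failure.
int execWithSanitizedEnv(const std::string& program,
                         const std::vector<std::string>& args,
                         const std::vector<std::string>& envEntries) {
    std::vector<char*> argv;
    for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
    argv.push_back(nullptr);
    std::vector<char*> envp;
    for (const auto& e : envEntries) envp.push_back(const_cast<char*>(e.c_str()));
    envp.push_back(nullptr);
    return execve(program.c_str(), argv.data(), envp.data());
}

int main() {
    // Constructed host environment containing a value that must not leak.
    const std::vector<std::string> hostEnv = {
        "PATH=/home/alice/.local/bin:/usr/bin",
        "AWS_SECRET_ACCESS_KEY=constructed-secret-do-not-leak",
        "HOME=/home/alice",
        "LANG=C.UTF-8",
        "TERM=xterm",
    };
    const std::set<std::string> allowlist = {"LANG", "TERM"};
    for (const auto& e : toEnvEntries(sanitizeEnvironment(hostEnv, allowlist))) {
        std::puts(e.c_str());
    }
    return 0;
}
```

In a real runner the input would come from currentEnvironment() (or from the action's Command, which is what should define the variables an action sees) and the result would be handed to execWithSanitizedEnv after entering the chroot; the example keeps the policy (defaults plus allowlist) separate from the exec step so that it can be unit tested without spawning anything.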

Acceptance Criteria

Environment variables should not leak into the chroot.

Consider whether the following are required, and complete if so:

  • Unit tests
  • Documentation update(s)