#4252 use whitelist for vfb env

Xpra-org · Jun 16, 2024 · e1b5660 · e1b5660
1 parent ac0f2c1
commit e1b5660
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/xpra/util/env.py b/xpra/util/env.py
@@ -3,10 +3,12 @@
 # Xpra is released under the terms of the GNU GPL v2, or, at your option, any
 # later version. See the file COPYING for details.
 
+import re
 import os
 import sys
 import warnings
 from contextlib import AbstractContextManager, nullcontext
+from collections.abc import Sequence
 from threading import RLock
 from typing import Any
 
@@ -248,13 +250,18 @@ def get_saved_env_var(var, default=None):
     return _saved_env.get(var, default)
 
 
-def get_exec_env(remove=("LS_COLORS", "LESSOPEN", "HISTCONTROL", "HISTSIZE", )) -> dict[str, str]:
-    # let's make things more complicated than they should be:
-    # on win32, the environment can end up containing unicode, and subprocess chokes on it
+def get_exec_env(remove: Sequence[str] = ("LS_COLORS", "LESSOPEN", "HISTCONTROL", "HISTSIZE", ),
+                 keep: Sequence[str] = ()) -> dict[str, str]:
     env: dict[str, str] = {}
     for k, v in os.environ.items():
-        if k in remove:
+        # anything matching `remove` is dropped:
+        if any(re.match(pattern, k) for pattern in remove):
             continue
+        # if `keep` is empty, then we ignore it, otherwise we require a match:
+        if keep and not any(re.match(pattern, k) for pattern in keep):
+            continue
+        # let's make things more complicated than they should be:
+        # on win32, the environment can end up containing unicode, and subprocess chokes on it:
         try:
             env[k] = v.encode("utf8").decode("latin1")
         except UnicodeError:

diff --git a/xpra/x11/vfb_util.py b/xpra/x11/vfb_util.py
@@ -19,7 +19,7 @@
 from xpra.common import RESOLUTION_ALIASES, DEFAULT_REFRESH_RATE, get_refresh_rate_for_value
 from xpra.scripts.config import InitException, get_Xdummy_confdir, FALSE_OPTIONS
 from xpra.util.str_fn import csv
-from xpra.util.env import envint, envbool, shellsub, osexpand
+from xpra.util.env import envint, envbool, shellsub, osexpand, get_exec_env
 from xpra.os_util import getuid, getgid, POSIX, OSX
 from xpra.server.util import setuidgid
 from xpra.util.io import is_writable, pollwait
@@ -292,6 +292,10 @@ def pathexpand(s: str) -> str:
     if (xvfb_executable.endswith("Xorg") or xvfb_executable.endswith("Xdummy")) and pixel_depth > 0:
         xvfb_cmd.append("-depth")
         xvfb_cmd.append(str(pixel_depth))
+    env = get_exec_env(keep=("SHELL", "HOSTNAME", "XMODIFIERS",
+                             "PWD", "HOME", "USERNAME", "LANG", "TERM", "USER",
+                             "XDG_RUNTIME_DIR", "XDG_DATA_DIR", "PATH"))
+    log(f"xvfb env={env}")
     xvfb = None
     try:
         if use_display_fd:
@@ -314,7 +318,7 @@ def preexec() -> None:
                     # pylint: disable=consider-using-with
                     # pylint: disable=subprocess-popen-preexec-fn
                     xvfb = Popen(xvfb_cmd, executable=xvfb_executable,
-                                 preexec_fn=preexec, cwd=cwd, pass_fds=(w_pipe,))
+                                 preexec_fn=preexec, cwd=cwd, env=env, pass_fds=(w_pipe,))
                 except OSError as e:
                     log("Popen%s", (xvfb_cmd, xvfb_executable, cwd), exc_info=True)
                     raise InitException(f"failed to execute xvfb command {xvfb_cmd}: {e}") from None
@@ -362,7 +366,7 @@ def preexec() -> None:
             # pylint: disable=consider-using-with
             # pylint: disable=subprocess-popen-preexec-fn
             xvfb = Popen(xvfb_cmd, executable=xvfb_executable,
-                         stdin=PIPE, preexec_fn=preexec)
+                         stdin=PIPE, preexec_fn=preexec, env=env)
     except Exception:
         if xvfb and xvfb.poll() is None:
             log.error(" stopping vfb process with pid %i", xvfb.pid)