rkt: inherit environment #565
Comments
What takes precedence when the app has its own explicit environment settings? This doesn't strike me as particularly well thought out. When implementing |
@vcaputo raises a good point, this was something I stumbled upon while working on this. Unfortunately there is no way to distinguish between intentionally and unintentionally set env vars. |
It also doesn't seem like a very wise default choice to automatically inherit all environment variables down to a container's execution environment from a security perspective. There's potentially significant information leaking into something the user has opted to execute as a container, that generally implies a desire for isolation. |
Here is how I think of the inheritance:
I am fine with having We could also add a |
Anyone have thoughts on this order of operations? Seems straightforward and easy to understand. The primary use case will be things like cc @vcaputo |
@philips the inheritance makes sense. I'll prefer to leave --inherit-environment disabled by default as it can expose sensitive data but also change the app behavior in unexpected ways. I also think that a per app --environment flag that will add env vars to the pod manifest (permitting to add new vars and override the app's and the inherited ones) will be very useful. |
Fine with me provided wholesale inheritance is disabled by default. Just to confirm my understanding, when |
@vcaputo Yes, it will be in all apps. The environment of the app takes precedence. In order of evaluation I see:
If FOO=bar in step 1 and FOO=baz in step 3 then FOO=baz will be the final value. |
Ok, the utility seems fairly limited when it doesn't influence variables defaulted by the app, as those variables are likely impactful ones you'd like to alter via In an |
That does seem kind of limited. Wouldn't you want it:
Another semi-related question: is there a way in a systemd unit to have the namespace/whatever inherit only env vars specified in the unit but not from anywhere else? |
@robszumski The problem is that there are important environment variables already in the environment like PATH, TERM, HOME, etc. Making some sort of blacklist gets really tricky pretty fast. |
cc @jedsmith |
When enabled the caller's environment is used to set variables not set by the app images. Fixes rkt#565
All of the applications should inherit the environment by default. This is because we should assume that the user is running rkt under a tool like an init system where the environment is significant. To turn off environment inheritance we should have something like:
rkt run --inherit-environment=false example.com/foo:v2.0.4
/cc @robszumski
The text was updated successfully, but these errors were encountered: