Drop tmpdir environment variables when not running as dokku user #4333
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This ensures that tmpdir (and related calls) respect the system defaults for temporary directory access. Critically, changing user via 'sudo' will leave the root temp directory in place, which causes dokku to have undefined behavior when writing to temporary files under libpam-tmpdir. This may break cases where users have redefined tmpdir or related variables, but those cases can be remedied by specifying a value for TMPDIR (and related variables) in /etc/default/dokku. Closes #3149
josegonzalez
pushed a commit
that referenced
this pull request
Jan 24, 2021
# History ## 0.23.0 Install/update via the bootstrap script: ```shell wget https://raw.githubusercontent.com/dokku/dokku/v0.23.0/bootstrap.sh sudo DOKKU_TAG=v0.23.0 bash bootstrap.sh ``` See the [0.23.0 migration guide](/docs/appendices/0.23.0-migration-guide.md) for more information on migrating to 0.23.0. ### Bug Fixes - #4356: @josegonzalez Do not retag images unnecessarily - #4355: @josegonzalez Allow underscores in vector schemes - #4350: @josegonzalez Add missing trigger to events plugin - #4348: @josegonzalez Correct app-specific shell handling - #4333: @josegonzalez Drop tmpdir environment variables when not running as dokku user ### New Features - #4336: @josegonzalez Add ability to manage stacks on an app or global level … - #4354: @josegonzalez Log all triggers called by golang in trace output - #4300: @AubreyHewes allow disabling hsts globally and explicitly enable per app - #4337: @josegonzalez Add logrotation to container log files - #4318: @josegonzalez Add ability to set client max body size via nginx:set - #4343: @josegonzalez feat: add initial scheduled task implementation - #4297: @josegonzalez Add support for cloning/syncing from a remote repository - #4340: @bjornpost Allow configuring x-forwarded-* proxy headers via nginx:set ### Refactors - #4349: @josegonzalez Remove need for internal dokku calls ### Documentation - #4347: @fomojola Add post-deploy webhook to list of community plugins - #4342: @AubreyHewes Point to current testing docs - #4341: @josegonzalez Add testing link to contributing.md ### Tests - #4352: @josegonzalez Add a test for application renames - #4351: @josegonzalez Set hostname for CI runs - #4322: @josegonzalez Switch to Github Actions for CI ### Other - #4353: @josegonzalez Drop unused flag introduced by logs max-size feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This ensures that tmpdir (and related calls) respect the system defaults for temporary directory access. Critically, changing user via 'sudo' will leave the root temp directory in place, which causes dokku to have undefined behavior when writing to temporary files under libpam-tmpdir.
This may break cases where users have redefined tmpdir or related variables, but those cases can be remedied by specifying a value for TMPDIR (and related variables) in /etc/default/dokku.
Closes #3149
Note: If this PR is just doc changes, please put [ci skip] in the body that way tests do not run.