Support for overriding variables inside the container at runtime

[jtriley]

Fixes #411

This allows users to explicitly override environment variables within the container via SENV_ prefixed environment variables. This prefix gets stripped and the result gets set within the containers's environment. This is especially useful for proxying unsecure variables stripped by ld for suid/sgid executables to the container:

$ whoami
test
$ export LD_LIBRARY_PATH=/test/path
$ singularity exec cuda75.img env | grep LD_LIBRARY_PATH
$ export SENV_LD_LIBRARY_PATH=/test/path
$ singularity exec cuda75.img env | grep LD_LIBRARY_PATH
LD_LIBRARY_PATH=/test/path

• adds a singularity_env_override method to src/lib/action/action.c called by singularity_action_init that looks for env variables that start with prefix, strips the prefix, and sets the resulting key/value inside the container.

@singularityware-admin

[gmkurtzer]

Hi @jtriley, just wanted to check to see if this is ready for a review.

Thanks!

[jtriley]

@gmkurtzer yup this is ready, thanks!

[jtriley]

@gmkurtzer I reworked this using strcmp and strtok_r as discussed. Ready for a review.

[boegel]

Any progress on this? Incl. ETA for a released version with this included?

[gmkurtzer]

@jtriley Can you take a look at the lib-refactor branch and rebase to that? It is gonna be a bit messy I know as things will have to move, but I would prefer you get these changes into that rather then have me respin this into that branch.

Check out https://github.com/singularityware/singularity/blob/lib-refactor/src/lib/runtime/environment/environment.c for a starting point, and you should see I used your code as a template.

Let me know if you have any questions, thanks!

[jtriley]

@gmkurtzer will do

[gmkurtzer]

This has been implemented in the development branch by using the environment variable syntax SINGULARITYENV_ where everything post string will be transposed into the container. To unset a variable simply make it equal a zero length string.