diff options
| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-02 18:33:27 -0400 |
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-02 18:55:48 -0400 |
| commit | 333eb381749e174f049b47d7e60ef05893788144 (patch) | |
| tree | e61ef2939b832b6b3347055ed714e605354c8101 | |
| parent | 4bbc4ef460df2b6c65adaca25f2997a75c45bb87 (diff) | |
| download | stasis-333eb381749e174f049b47d7e60ef05893788144.tar.gz | |
Reset HOME to point to a temporary directory to prevent contaminating the user account's home directory with build artifacts, caches, and other artifacts
| -rw-r--r-- | include/deliverable.h | 1 | ||||
| -rw-r--r-- | src/deliverable.c | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/deliverable.h b/include/deliverable.h index 5b80930..640fd06 100644 --- a/include/deliverable.h +++ b/include/deliverable.h @@ -48,6 +48,7 @@ struct Delivery { */ struct Storage { char *root; ///< Top-level storage area + char *home; ///< Temporary user account profile char *tmpdir; ///< Temporary storage area (within root) char *output_dir; ///< Base path to where all artifacts are stored char *delivery_dir; ///< Delivery artifact output directory diff --git a/src/deliverable.c b/src/deliverable.c index 3aad47f..d707c21 100644 --- a/src/deliverable.c +++ b/src/deliverable.c @@ -129,6 +129,7 @@ void delivery_free(struct Delivery *ctx) { guard_runtime_free(ctx->runtime.environ); guard_free(ctx->storage.root); guard_free(ctx->storage.tmpdir); + guard_free(ctx->storage.home); guard_free(ctx->storage.delivery_dir); guard_free(ctx->storage.tools_dir); guard_free(ctx->storage.package_dir); @@ -226,6 +227,7 @@ void delivery_init_dirs_stage1(struct Delivery *ctx) { exit(1); } + path_store(&ctx->storage.home, PATH_MAX, ctx->storage.tmpdir, "home"); path_store(&ctx->storage.build_dir, PATH_MAX, ctx->storage.root, "build"); path_store(&ctx->storage.build_recipes_dir, PATH_MAX, ctx->storage.build_dir, "recipes"); path_store(&ctx->storage.build_sources_dir, PATH_MAX, ctx->storage.build_dir, "sources"); @@ -405,6 +407,11 @@ int delivery_init(struct Delivery *ctx, struct INIFILE *ini, struct INIFILE *cfg // Create OMC directory structure delivery_init_dirs_stage1(ctx); + // Avoid contaminating the user account with artifacts + // Some SELinux configurations will not enjoy this change. + setenv("HOME", ctx->storage.home, 1); + setenv("XDG_CACHE_HOME", ctx->storage.tmpdir, 1); + // add tools to PATH char pathvar_tmp[OMC_BUFSIZ]; sprintf(pathvar_tmp, "%s/bin:%s", ctx->storage.tools_dir, getenv("PATH")); |