| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-02 18:33:27 -0400 | 
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-02 18:55:48 -0400 | 
| commit | 333eb381749e174f049b47d7e60ef05893788144 (patch) | |
| tree | e61ef2939b832b6b3347055ed714e605354c8101 | |
| parent | 4bbc4ef460df2b6c65adaca25f2997a75c45bb87 (diff) | |
| download | stasis-333eb381749e174f049b47d7e60ef05893788144.tar.gz | |
Reset HOME to point to a temporary directory to prevent contaminating the user account's home directory with build artifacts, caches, and other files
| -rw-r--r-- | include/deliverable.h | 1 | ||||
| -rw-r--r-- | src/deliverable.c | 7 | 
2 files changed, 8 insertions, 0 deletions
diff --git a/include/deliverable.h b/include/deliverable.h
index 5b80930..640fd06 100644
--- a/include/deliverable.h
+++ b/include/deliverable.h
@@ -48,6 +48,7 @@ struct Delivery {
      */
     struct Storage {
         char *root;                     ///< Top-level storage area
+        char *home;                     ///< Temporary user account profile
         char *tmpdir;                   ///< Temporary storage area (within root)
         char *output_dir;               ///< Base path to where all artifacts are stored
         char *delivery_dir;             ///< Delivery artifact output directory
diff --git a/src/deliverable.c b/src/deliverable.c
index 3aad47f..d707c21 100644
--- a/src/deliverable.c
+++ b/src/deliverable.c
@@ -129,6 +129,7 @@ void delivery_free(struct Delivery *ctx) {
     guard_runtime_free(ctx->runtime.environ);
     guard_free(ctx->storage.root);
     guard_free(ctx->storage.tmpdir);
+    guard_free(ctx->storage.home);
     guard_free(ctx->storage.delivery_dir);
     guard_free(ctx->storage.tools_dir);
     guard_free(ctx->storage.package_dir);
@@ -226,6 +227,7 @@ void delivery_init_dirs_stage1(struct Delivery *ctx) {
         exit(1);
     }
 
+    path_store(&ctx->storage.home, PATH_MAX, ctx->storage.tmpdir, "home");
     path_store(&ctx->storage.build_dir, PATH_MAX, ctx->storage.root, "build");
     path_store(&ctx->storage.build_recipes_dir, PATH_MAX, ctx->storage.build_dir, "recipes");
     path_store(&ctx->storage.build_sources_dir, PATH_MAX, ctx->storage.build_dir, "sources");
@@ -405,6 +407,11 @@ int delivery_init(struct Delivery *ctx, struct INIFILE *ini, struct INIFILE *cfg
     // Create OMC directory structure
     delivery_init_dirs_stage1(ctx);
 
+    // Avoid contaminating the user account with artifacts
+    // Some SELinux configurations will not enjoy this change.
+    setenv("HOME", ctx->storage.home, 1);
+    setenv("XDG_CACHE_HOME", ctx->storage.tmpdir, 1);
+
     // add tools to PATH
     char pathvar_tmp[OMC_BUFSIZ];
     sprintf(pathvar_tmp, "%s/bin:%s", ctx->storage.tools_dir, getenv("PATH"));
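Review bot: The two setenv() calls at the top of the added block are unchecked, so if either fails the build silently continues with the caller's real HOME, which is exactly the contamination this commit sets out to prevent; the file already exits on fatal setup errors, so `if (setenv("HOME", ctx->storage.home, 1) || setenv("XDG_CACHE_HOME", ctx->storage.tmpdir, 1)) { perror("setenv"); exit(1); }` would fit the surrounding style. ctx->storage.home is derived from tmpdir in delivery_init_dirs_stage1 (the earlier hunk in this file), but whether path_store also creates that directory is not visible here; if it does not, HOME points at a path that does not exist until something else creates it. Redirecting HOME also hides the invoking user's dotfiles (credentials, per-user tool configuration) from every child process, which is a behaviour change worth stating next to the SELinux remark, e.g. `// Child tools no longer see the user's dotfiles; anything a build needs must be provided explicitly`. The sprintf() on the last context line copies getenv("PATH") unbounded into pathvar_tmp and dereferences NULL if PATH is unset; that is pre-existing, but since the environment is now being rewritten at this point a bounded snprintf with a NULL check would be a natural companion change. delivery_init continues outside the hunk.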
