'Re: [gentoo-dev] Re: init.d-scripts don't see stuff from'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev]  Re: init.d-scripts don't see stuff from
From:       Martin Schlemmer <azarah () gentoo ! org>
Date:       2005-08-31 7:25:29
Message-ID: 1125473129.7443.35.camel () lycan ! lan
[Download RAW message or body]

On Tue, 2005-08-30 at 22:21 -0400, Mike Frysinger wrote:
> On Tuesday 30 August 2005 10:15 pm, Martin Schlemmer wrote:
> > On Tue, 2005-08-30 at 21:57 -0400, Mike Frysinger wrote:
> > > On Tuesday 30 August 2005 09:41 pm, Sven Köhler wrote:
> > > > > init.d scripts should have a pure env given to them ... which means,
> > > > > they should be run with `env -i` and have only whitelisted variables
> > > > > given to them (and everything that appears in /etc/conf.d/$service
> > > > > /etc/conf.d/rc and /etc/rc.conf) ...
> > > >
> > > > Now that may be too few variables. At least the variable LANG (or
> > > > whatever the system-admin may chose to set) could be seen as a
> > > > system-wide language-setting. It could be intentional, that at least
> > > > some variables are available to the started server-processes.
> > > > Especially a system-wide language-setting would be a good idea.
> > >
> > > that is the point of the whitelist idea ... we gather a 'full
> > > env' (source /etc/profile i guess) and rip out just the whitelisted
> > > variables to pass on to init scripts
> >
> > Although I agree, my personal opinion is that its going to be a major
> > PITA to maintain, and slow things down.
> 
> with the first run, we cache the 'scrubbed' env, and then just use that in the 
> future ?
> 

We both know when somebody finally notice that, they will bitch because
the environment is not updated :)  Damn, did I just point that out ? 8)

> > Also, not only runscript.sh 
> > will have to be 'whitelisted', but also /sbin/rc, which will mean that
> > we now have to wrap two things.  I guess a solution could have been to
> > use /sbin/runscript (the C thing) for both (should work fine
> > as /sbin/rc's interpreter as well), as that would buy some speed and
> > kill one bash fork, but the problem comes in when we start with a
> > vanilla environment that do not have /etc/profile sourced.
> 
> mmm unification is good :)

I did not argue .. was just wondering how much gain (tears?) it will
bring us :)


-- 
Martin Schlemmer


["signature.asc" (application/pgp-signature)]
-- 
gentoo-dev@gentoo.org mailing list


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic