Use getenv not secure_getenv

secure_getenv is a Glibc extension and so this code does not compile
on Musl libc any more after this patch.

secure_getenv is only intended to be used in setuid binaries, in
order that they should not trust their environment. It simply returns
NULL if the binary is running setuid. If runc was installed setuid,
the user can already do anything as root, so it is game over, so this
check is not needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2019-03-14 10:58:10 +00:00
parent 2b18fe1d88
commit 6f714aa928
No known key found for this signature in database
GPG Key ID: 609102888A2EE3F9
1 changed files with 2 additions and 2 deletions

View File

@ -249,7 +249,7 @@ static int make_execfd(int *fdtype)
{ {
int fd = -1; int fd = -1;
char template[PATH_MAX] = {0}; char template[PATH_MAX] = {0};
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR"); char *prefix = getenv("_LIBCONTAINER_STATEDIR");
if (!prefix || *prefix != '/') if (!prefix || *prefix != '/')
prefix = "/tmp"; prefix = "/tmp";
@ -351,7 +351,7 @@ static int try_bindfd(void)
{ {
int fd, ret = -1; int fd, ret = -1;
char template[PATH_MAX] = {0}; char template[PATH_MAX] = {0};
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR"); char *prefix = getenv("_LIBCONTAINER_STATEDIR");
if (!prefix || *prefix != '/') if (!prefix || *prefix != '/')
prefix = "/tmp"; prefix = "/tmp";