From 6f714aa9288f2fde99721b54dd27231caa8d30d2 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Thu, 14 Mar 2019 10:58:10 +0000
Subject: [PATCH] Use getenv not secure_getenv

secure_getenv is a Glibc extension and so this code does not compile on Musl libc any more after this patch. secure_getenv is only intended to be used in setuid binaries, in order that they should not trust their environment. It simply returns NULL if the binary is running setuid. If runc was installed setuid, the user can already do anything as root, so it is game over, so this check is not needed.

Signed-off-by: Justin Cormack
---
 libcontainer/nsenter/cloned_binary.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
index b410e295..ad10f140 100644
--- a/libcontainer/nsenter/cloned_binary.c
+++ b/libcontainer/nsenter/cloned_binary.c
@@ -249,7 +249,7 @@ static int make_execfd(int *fdtype)
 {
 int fd = -1;
 char template[PATH_MAX] = {0};
- char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
+ char *prefix = getenv("_LIBCONTAINER_STATEDIR");
 if (!prefix || *prefix != '/') prefix = "/tmp";
@@ -351,7 +351,7 @@ static int try_bindfd(void)
 {
 int fd, ret = -1;
 char template[PATH_MAX] = {0};
- char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
+ char *prefix = getenv("_LIBCONTAINER_STATEDIR");
 if (!prefix || *prefix != '/') prefix = "/tmp";
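Review bot: The new `getenv("_LIBCONTAINER_STATEDIR")` line in make_execfd, and the identical one in try_bindfd, now accepts the directory prefix from the environment in every execution context, and the only validation visible in either hunk is the leading-`/` check. glibc's secure_getenv returns NULL whenever the process is in secure-execution mode, which covers setgid binaries and binaries carrying file capabilities as well as setuid ones, so the trust assumption being dropped is wider than the commit message states. Since nothing in the code records that assumption, I would put it next to both calls, for example `/* Environment is trusted here: this binary must never be installed setuid, setgid or with file capabilities. */`. If the old behaviour is worth keeping where the libc provides it, a small file-local wrapper that calls secure_getenv under a glibc feature guard and getenv otherwise would fix the musl build without changing glibc builds. Both function bodies continue outside the hunks, so how `prefix` is later copied into `template[PATH_MAX]`, and whether an over-long value is rejected there, cannot be checked from this patch.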