authorRoy Marples <roy@marples.name>2008-01-05 20:43:08 +0000
committerRoy Marples <roy@marples.name>2008-01-05 20:43:08 +0000
commitc92be49041a7b56f651a93e71e15e94bc8727489 (patch)
tree0d827c479bfac37c35a6e2bf687f8353064707a2
parentac21d75300dabe83578e4373fcfd09d67c3a083b (diff)
Move the env whitelists to an rc var and build in the system whitelist.
-rw-r--r--conf.d/env_whitelist6
-rw-r--r--etc/rc.conf4
-rw-r--r--src/env_whitelist48
-rw-r--r--src/rc/rc-misc.c63
4 files changed, 54 insertions, 67 deletions
diff --git a/conf.d/env_whitelist b/conf.d/env_whitelist
deleted file mode 100644
index 30a3695..0000000
--- a/conf.d/env_whitelist
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/conf.d/env_whitelist: Environment whitelist for rc-system
-
-# Specify which variables are allowed to be passed from the environment to the
-# rc-system. If it is not set by the environment, then the variable will be
-# taken from /etc/profile.env - meaning, if you need to set LANG or such,
-# do it in a /etc/env.d/99myownstuff file for example, and run env-update.
diff --git a/etc/rc.conf b/etc/rc.conf
index 659e5b1..8cfc0c9 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -52,6 +52,10 @@ rc_force_auto="NO"
# /var/log/rc.log
rc_logger="NO"
+# By default we filter the environment for our running scripts. To allow other
+# variables through, add them here. Use a * to allow all variables through.
+# rc_env_allow="VAR1 VAR2"
+
##############################################################################
# MISC CONFIGURATION VARIABLES
# There variables are shared between many init scripts
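Review bot: The added comment for rc_env_allow leaves out two things an administrator needs to know: the value extends a compiled-in list rather than replacing it, and `*` switches the filter off altogether. The built-in list in src/rc/rc-misc.c includes LD_LIBRARY_PATH, which can no longer be removed by editing a whitelist file, so the comment is the only place that fact is visible to the admin. Suggested wording: `# Names listed here are added to the built-in list (PATH, LANG, LC_*, LD_LIBRARY_PATH, ...), separated by single spaces.` followed by `# A lone * disables filtering, so the whole calling environment is passed to the scripts.`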
diff --git a/src/env_whitelist b/src/env_whitelist
deleted file mode 100644
index ca21935..0000000
--- a/src/env_whitelist
+++ /dev/null
@@ -1,48 +0,0 @@
-# System environment whitelist for rc-system
-# See /etc/conf.d/env_whitelist for details.
-
-#
-# Internal variables needed for operation of rc-system
-# NB: Do not modify below this line if you do not know what you are doing!!
-#
-
-# Hotplug
-IN_HOTPLUG
-
-# RC network script support
-IN_BACKGROUND
-RC_INTERFACE_KEEP_CONFIG
-
-# Default shell stuff
-PATH
-SHELL
-USER
-HOME
-TERM
-
-# Language variables
-LANG
-LC_CTYPE
-LC_NUMERIC
-LC_TIME
-LC_COLLATE
-LC_MONETARY
-LC_MESSAGES
-LC_PAPER
-LC_NAME
-LC_ADDRESS
-LC_TELEPHONE
-LC_MEASUREMENT
-LC_IDENTIFICATION
-LC_ALL
-
-# From /sbin/init
-INIT_HALT
-INIT_VERSION
-RUNLEVEL
-PREVLEVEL
-CONSOLE
-
-# Allow this through too so we can prefer stuff in /lib when shutting down
-# or going to single mode.
-LD_LIBRARY_PATH
diff --git a/src/rc/rc-misc.c b/src/rc/rc-misc.c
index 0d8b8c1..aacd6fe 100644
--- a/src/rc/rc-misc.c
+++ b/src/rc/rc-misc.c
@@ -44,8 +44,8 @@
#include <string.h>
#include "rc.h"
-#include "rc-misc.h"
-#include "strlist.h"
+#include "../rc-misc.h"
+#include "../strlist.h"
#define PROFILE_ENV "/etc/profile.env"
#define SYS_WHITELIST RC_LIBDIR "/conf.d/env_whitelist"
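Review bot: `#define SYS_WHITELIST RC_LIBDIR "/conf.d/env_whitelist"` stays defined here although this commit deletes src/env_whitelist and removes the `rc_config_list (SYS_WHITELIST)` call from env_filter. If nothing else in the file uses it, drop the macro, and likewise USR_WHITELIST, whose definition is outside this hunk. That keeps later code from reading a list file that is presumably no longer installed.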
@@ -113,17 +113,54 @@ char **env_filter (void)
char *p;
int pplen = strlen (PATH_PREFIX);
- whitelist = rc_config_list (SYS_WHITELIST);
- if (! whitelist)
- fprintf (stderr, "system environment whitelist (" SYS_WHITELIST ") missing\n");
-
- env = rc_config_list (USR_WHITELIST);
- rc_strlist_join (&whitelist, env);
- rc_strlist_free (env);
- env = NULL;
-
- if (! whitelist)
- return (NULL);
+ /* Init a system whitelist, start with shell vars we need */
+ rc_strlist_add (&whitelist, "PATH");
+ rc_strlist_add (&whitelist, "SHELL");
+ rc_strlist_add (&whitelist, "USER");
+ rc_strlist_add (&whitelist, "HOME");
+ rc_strlist_add (&whitelist, "TERM");
+
+ /* Add Language vars */
+ rc_strlist_add (&whitelist, "LANG");
+ rc_strlist_add (&whitelist, "LC_CTYPE");
+ rc_strlist_add (&whitelist, "LC_NUMERIC");
+ rc_strlist_add (&whitelist, "LC_TIME");
+ rc_strlist_add (&whitelist, "LC_COLLATE");
+ rc_strlist_add (&whitelist, "LC_MONETARY");
+ rc_strlist_add (&whitelist, "LC_MESSAGES");
+ rc_strlist_add (&whitelist, "LC_PAPER");
+ rc_strlist_add (&whitelist, "LC_NAME");
+ rc_strlist_add (&whitelist, "LC_ADDRESS");
+ rc_strlist_add (&whitelist, "LC_TELEPHONE");
+ rc_strlist_add (&whitelist, "LC_MEASUREMENT");
+ rc_strlist_add (&whitelist, "LC_IDENTIFICATION");
+ rc_strlist_add (&whitelist, "LC_ALL");
+
+ /* Allow rc to override library path */
+ rc_strlist_add (&whitelist, "LD_LIBRARY_PATH");
+
+ /* We need to know sysvinit stuff - we emulate this for BSD too */
+ rc_strlist_add (&whitelist, "INIT_HALT");
+ rc_strlist_add (&whitelist, "INIT_VERSION");
+ rc_strlist_add (&whitelist, "RUNLEVEL");
+ rc_strlist_add (&whitelist, "PREVLEVEL");
+ rc_strlist_add (&whitelist, "CONSOLE");
+
+ /* Hotplug and daemon vars */
+ rc_strlist_add (&whitelist, "IN_HOTPLUG");
+ rc_strlist_add (&whitelist, "IN_BACKGROUND");
+ rc_strlist_add (&whitelist, "RC_INTERFACE_KEEP_CONFIG");
+
+ /* Add the user defined list of vars */
+ e = env_name = xstrdup (rc_conf_value ("rc_env_allow"));
+ while ((token = strsep (&e, " "))) {
+ if (token[0] == '*') {
+ free (env_name);
+ return (NULL);
+ }
+ rc_strlist_add (&whitelist, token);
+ }
+ free (env_name);
if (exists (PROFILE_ENV))
profile = rc_config_load (PROFILE_ENV);
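Review bot: The wildcard test `if (token[0] == '*')` in the rc_env_allow loop matches any token that merely starts with `*`, so a typo such as `*FOO` switches the environment filter off entirely; `if (strcmp (token, "*") == 0)` limits that fail-open path to the documented value. The same branch returns without releasing the list built by the preceding rc_strlist_add calls, so `rc_strlist_free (whitelist);` belongs before `return (NULL);`. `xstrdup (rc_conf_value ("rc_env_allow"))` runs with the option unset by default (it is commented out in etc/rc.conf), which is only safe if xstrdup accepts NULL; neither helper is visible here. Splitting on a single space also yields empty tokens for doubled spaces, and an `if (*token)` guard before the add would keep them out of the list. env_filter begins before this hunk and continues after it.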