run: Don't inherit LD_PRELOAD/LD_AUDIT from the host #5765
Conversation
|
There is a comment below that says:
It's easy to miss since it's in the middle of the list so perhaps should be moved on top. |
|
For completeness, we might want to do the same for |
There was a problem hiding this comment.
As @Erick555 said, please update the documentation to match. Other than that, this LGTM.
Adding LD_AUDIT can be part of this change, or it can be separate.
I would say that changing the organization/layout of this list and its comments as @Erick555 suggested is out-of-scope for this particular PR (but might be a good idea to do separately).
Did you test this? It would be good to know for sure that it's true. |
TingPing
force-pushed
the
pgriffis/no-ld-preload
branch
from
23e7811
to
3c07544
Compare
Yes I confirmed it works. |
Typo: should say |
TingPing
force-pushed
the
pgriffis/no-ld-preload
branch
from
3c07544
to
c08ff0c
Compare
|
Hmm, I actually hit some failures:
So I'll check this out later. |
|
This happens on |
smcv
force-pushed
the
pgriffis/no-ld-preload
branch
from
c08ff0c
to
f422e42
Compare
Not merging this right now because it's still marked as draft, but the change looks good, so please re-test. |
smcv
changed the title
smcv
changed the title
I don't think this env var makes much sense to pass into the sandbox for similar reasons to LD_LIBRARY_PATH. Libraries from the host just aren't relevant. Users can still pass `--env=LD_PRELOAD=/foo` to use this functionality.
smcv
force-pushed
the
pgriffis/no-ld-preload
branch
from
f422e42
to
5ba396a
Compare
I don't think this env var makes much sense to pass into the sandbox for similar reasons to LD_LIBRARY_PATH. Libraries from the host just aren't relevant.
Users can still pass
--env=LD_PRELOAD=/footo use this functionality.