Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment
From: Zack Weinberg <zackw@panix.com>
Date: Tue, 12 Aug 2008 21:18:54 -0700
Message-id: <[🔎] 20080813041854.24752.3938.reportbug@trurl>
Reply-to: Zack Weinberg <zackw@panix.com>, 494923@bugs.debian.org

Package: xvfb
Version: 2:1.4.2-3
Severity: wishlist
File: /usr/bin/xvfb-run
Tags: patch

For e.g. automated testing of desktop applications, it would be nice
to have an xvfb-run mode that makes an effort to isolate the processes
it spawns from the user's normal environment.  Specifically, it should
provide its own, empty, $HOME and $TMPDIR, and should attempt to unset
all environment variables that identify desktop services.

I attach a patch that does just this.  It's not perfect: the biggest flaw
being that it relies on a list of shell glob patterns matching environment
variables to unset, and that list is surely incomplete.  I don't use
KDE, for instance, so I had to guess what environment variables might
be relevant there.  It works beautifully for my purposes, though.

$PATH is left intact, as is the current directory; this is intentional.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xvfb depends on:
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libdbus-1-3                   1.2.1-3    simple interprocess messaging syst
ii  libfontenc1                   1:1.0.4-3  X11 font encoding library
ii  libhal1                       0.5.11-2   Hardware Abstraction Layer - share
ii  libpixman-1-0                 0.10.0-2   pixel-manipulation library for X a
ii  libxau6                       1:1.0.3-3  X11 authorisation library
ii  libxdmcp6                     1:1.0.2-3  X11 Display Manager Control Protoc
ii  libxfont1                     1:1.3.3-1  X11 font rasterisation library
ii  x11-common                    1:7.3+15   X Window System (X.Org) infrastruc

Versions of packages xvfb recommends:
ii  xbase-clients                 1:7.3+15   miscellaneous X clients - metapack
ii  xfonts-base                   1:1.0.0-5  standard fonts for X

xvfb suggests no packages.

-- no debconf information

--- /usr/bin/xvfb-run	2008-08-02 15:26:56.000000000 -0700
+++ src/mozilla/xvfb-run	2008-08-07 18:24:21.206536935 -0700
@@ -50,6 +50,8 @@
 Options:
 -a        --auto-servernum          try to get a free server number, starting at
                                     --server-num
+-i        --isolate                 try to isolate processes running under Xvfb
+                                    from the parent environment
 -e FILE   --error-file=FILE         file used to store xauth errors and Xvfb
                                     output (default: $ERRORFILE)
 -f FILE   --auth-file=FILE          file used to store auth cookie
@@ -94,9 +96,22 @@
     fi
 }
 
+# Unset environment variables which might apply to a parent session
+# rather than the virtual session.  This list is undoubtedly incomplete.
+clean_env() {
+    for var in $(set | cut -d= -f1); do
+        case $var in
+	  DBUS_* | DESKTOP_* | DISPLAY | GDM* | GNOME_* | GPG_* | GTK_* | \
+	  KDE* | QT* | SESSION_* | SSH_* | SCREEN* | XAUTHORITY )
+	    unset $var
+	    ;;
+	esac
+    done
+}
+
 # Parse the command line.
-ARGS=$(getopt --options +ae:f:hn:lp:s:w: \
-       --long auto-servernum,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \
+ARGS=$(getopt --options +aie:f:hn:lp:s:w: \
+       --long auto-servernum,isolate,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait: \
        --name "$PROGNAME" -- "$@")
 GETOPT_STATUS=$?
 
@@ -111,6 +126,7 @@
     case "$1" in
         -a|--auto-servernum) SERVERNUM=$(find_free_servernum) ;;
         -e|--error-file) ERRORFILE="$2"; shift ;;
+	-i|--isolate) ISOLATE="yes" ;;
         -f|--auth-file) AUTHFILE="$2"; shift ;;
         -h|--help) SHOWHELP="yes" ;;
         -n|--server-num) SERVERNUM="$2"; shift ;;
@@ -144,16 +160,28 @@
 # tidy up after ourselves
 trap clean_up EXIT
 
-# If the user did not specify an X authorization file to use, set up a temporary
-# directory to house one.
-if [ -z "$AUTHFILE" ]; then
+# If the user did not specify an X authorization file to use, or requested
+# a sanitized environment, we need a temporary directory.
+if [ -z "$AUTHFILE" ] || [ "$CLEANENV" ]; then
     XVFB_RUN_TMPDIR="${TMPDIR:-/tmp}/$PROGNAME.$$"
     if ! mkdir -p -m 700 "$XVFB_RUN_TMPDIR"; then
-        error "temporary directory $XVFB_RUN_TMPDIR already exists"
         exit 4
     fi
+fi
+if [ -z "$AUTHFILE" ]; then
     AUTHFILE=$(tempfile -n "$XVFB_RUN_TMPDIR/Xauthority")
 fi
+if [ "$ISOLATE" ]; then
+  clean_env
+  if ! mkdir -p "$XVFB_RUN_TMPDIR/home" "$XVFB_RUN_TMPDIR/tmp"; then
+      exit 4
+  fi
+  HOME="$XVFB_RUN_TMPDIR/home"
+  TMP="$XVFB_RUN_TMPDIR/tmp"
+  TEMP="$XVFB_RUN_TMPDIR/tmp"
+  TMPDIR="$XVFB_RUN_TMPDIR/tmp"
+  export HOME TMP TEMP TMPDIR
+fi
 
 # Start Xvfb.
 MCOOKIE=$(mcookie)

Reply to:

Prev by Date: Bug#487689: no longer reproducible
Next by Date: Bug#487689: marked as done (X apparently crashes sometimes upon login in gdm)
Previous by thread: Bug#487689: no longer reproducible
Next by thread: Bug#487689: marked as done (X apparently crashes sometimes upon login in gdm)
Index(es):
- Date
- Thread