Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

2011-02-04 Thread Zack Weinberg 
On Sun, Jan 30, 2011 at 11:37 AM, Julien Cristau  wrote:
> On Sun, Jan 30, 2011 at 08:18:14 +0100, Cyril Brulebois wrote:
>> I'd welcome your forwarding/discussing your patch to/with upstream
>> directly:
>>   http://www.x.org/wiki/Development/Documentation/SubmittingPatches
>>   http://bugs.freedesktop.org/
>>
> xvfb-run's upstream is us...

I'm happy to produce an updated patch and send it wherever is
appropriate, but please make up your minds about where that is :)

zw



--
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/AANLkTi=zjv6um-wu5k0g0qcyqdpoetwjq34z2cwnu...@mail.gmail.com

Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

2011-01-30 Thread Julien Cristau 
On Sun, Jan 30, 2011 at 08:18:14 +0100, Cyril Brulebois wrote:

> tag 494923 upstream
> thanks
> 
> Hi Zack, and thanks.
> 
> Zack Weinberg  (12/08/2008):
> > I attach a patch that does just this.  It's not perfect: the biggest
> > flaw being that it relies on a list of shell glob patterns matching
> > environment variables to unset, and that list is surely incomplete.
> > I don't use KDE, for instance, so I had to guess what environment
> > variables might be relevant there.  It works beautifully for my
> > purposes, though.
> 
> I'd welcome your forwarding/discussing your patch to/with upstream
> directly:
>   http://www.x.org/wiki/Development/Documentation/SubmittingPatches
>   http://bugs.freedesktop.org/
> 
xvfb-run's upstream is us...

Cheers,
Julien


signature.asc
Description: Digital signature

Processed: Re: Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

2011-01-29 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tag 494923 upstream
Bug #494923 [xvfb] xvfb-run: feature request: option to isolate processes from 
parent environment
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
494923: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494923
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


-- 
To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.c.129637190614162.transcr...@bugs.debian.org

Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

2011-01-29 Thread Cyril Brulebois 
tag 494923 upstream
thanks

Hi Zack, and thanks.

Zack Weinberg  (12/08/2008):
> I attach a patch that does just this.  It's not perfect: the biggest
> flaw being that it relies on a list of shell glob patterns matching
> environment variables to unset, and that list is surely incomplete.
> I don't use KDE, for instance, so I had to guess what environment
> variables might be relevant there.  It works beautifully for my
> purposes, though.

I'd welcome your forwarding/discussing your patch to/with upstream
directly:
  http://www.x.org/wiki/Development/Documentation/SubmittingPatches
  http://bugs.freedesktop.org/

A link to the bug report or a Cc to the bug when git send-emailing
would be appreciated.

KiBi.


signature.asc
Description: Digital signature

Bug#494923: xvfb-run: feature request: option to isolate processes from parent environment

2008-08-12 Thread Zack Weinberg 
Package: xvfb
Version: 2:1.4.2-3
Severity: wishlist
File: /usr/bin/xvfb-run
Tags: patch

For e.g. automated testing of desktop applications, it would be nice
to have an xvfb-run mode that makes an effort to isolate the processes
it spawns from the user's normal environment.  Specifically, it should
provide its own, empty, $HOME and $TMPDIR, and should attempt to unset
all environment variables that identify desktop services.

I attach a patch that does just this.  It's not perfect: the biggest flaw
being that it relies on a list of shell glob patterns matching environment
variables to unset, and that list is surely incomplete.  I don't use
KDE, for instance, so I had to guess what environment variables might
be relevant there.  It works beautifully for my purposes, though.

$PATH is left intact, as is the current directory; this is intentional.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xvfb depends on:
ii  libc6 2.7-13 GNU C Library: Shared libraries
ii  libdbus-1-3   1.2.1-3simple interprocess messaging syst
ii  libfontenc1   1:1.0.4-3  X11 font encoding library
ii  libhal1   0.5.11-2   Hardware Abstraction Layer - share
ii  libpixman-1-0 0.10.0-2   pixel-manipulation library for X a
ii  libxau6   1:1.0.3-3  X11 authorisation library
ii  libxdmcp6 1:1.0.2-3  X11 Display Manager Control Protoc
ii  libxfont1 1:1.3.3-1  X11 font rasterisation library
ii  x11-common1:7.3+15   X Window System (X.Org) infrastruc

Versions of packages xvfb recommends:
ii  xbase-clients 1:7.3+15   miscellaneous X clients - metapack
ii  xfonts-base   1:1.0.0-5  standard fonts for X

xvfb suggests no packages.

-- no debconf information
--- /usr/bin/xvfb-run   2008-08-02 15:26:56.0 -0700
+++ src/mozilla/xvfb-run2008-08-07 18:24:21.206536935 -0700
@@ -50,6 +50,8 @@
 Options:
 -a--auto-servernum  try to get a free server number, starting 
at
 --server-num
+-i--isolate try to isolate processes running under Xvfb
+from the parent environment
 -e FILE   --error-file=FILE file used to store xauth errors and Xvfb
 output (default: $ERRORFILE)
 -f FILE   --auth-file=FILE  file used to store auth cookie
@@ -94,9 +96,22 @@
 fi
 }
 
+# Unset environment variables which might apply to a parent session
+# rather than the virtual session.  This list is undoubtedly incomplete.
+clean_env() {
+for var in $(set | cut -d= -f1); do
+case $var in
+ DBUS_* | DESKTOP_* | DISPLAY | GDM* | GNOME_* | GPG_* | GTK_* | \
+ KDE* | QT* | SESSION_* | SSH_* | SCREEN* | XAUTHORITY )
+   unset $var
+   ;;
+   esac
+done
+}
+
 # Parse the command line.
-ARGS=$(getopt --options +ae:f:hn:lp:s:w: \
-   --long 
auto-servernum,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait:
 \
+ARGS=$(getopt --options +aie:f:hn:lp:s:w: \
+   --long 
auto-servernum,isolate,error-file:,auth-file:,help,server-num:,listen-tcp,xauth-protocol:,server-args:,wait:
 \
--name "$PROGNAME" -- "$@")
 GETOPT_STATUS=$?
 
@@ -111,6 +126,7 @@
 case "$1" in
 -a|--auto-servernum) SERVERNUM=$(find_free_servernum) ;;
 -e|--error-file) ERRORFILE="$2"; shift ;;
+   -i|--isolate) ISOLATE="yes" ;;
 -f|--auth-file) AUTHFILE="$2"; shift ;;
 -h|--help) SHOWHELP="yes" ;;
 -n|--server-num) SERVERNUM="$2"; shift ;;
@@ -144,16 +160,28 @@
 # tidy up after ourselves
 trap clean_up EXIT
 
-# If the user did not specify an X authorization file to use, set up a 
temporary
-# directory to house one.
-if [ -z "$AUTHFILE" ]; then
+# If the user did not specify an X authorization file to use, or requested
+# a sanitized environment, we need a temporary directory.
+if [ -z "$AUTHFILE" ] || [ "$CLEANENV" ]; then
 XVFB_RUN_TMPDIR="${TMPDIR:-/tmp}/$PROGNAME.$$"
 if ! mkdir -p -m 700 "$XVFB_RUN_TMPDIR"; then
-error "temporary directory $XVFB_RUN_TMPDIR already exists"
 exit 4
 fi
+fi
+if [ -z "$AUTHFILE" ]; then
 AUTHFILE=$(tempfile -n "$XVFB_RUN_TMPDIR/Xauthority")
 fi
+if [ "$ISOLATE" ]; then
+  clean_env
+  if ! mkdir -p "$XVFB_RUN_TMPDIR/home" "$XVFB_RUN_TMPDIR/tmp"; then
+  exit 4
+  fi
+  HOME="$XVFB_RUN_TMPDIR/home"
+  TMP="$XVFB_RUN_TMPDIR/tmp"
+  TEMP="$XVFB_RUN_TMPDIR/tmp"
+  TMPDIR="$XVFB_RUN_TMPDIR/tmp"
+  export HOME TMP TEMP TMPDIR
+fi
 
 # Start Xvfb.
 MCOOKIE=$(mcookie)