openrc-pam: add loading user environment.

openrc-pam now sets XDG_RUNTIME_DIR in case it's unset. after running openrc --user, it'll look at ${XDG_RUNTIME_DIR}/openrc/env for exported variables by services, and only set those allowed by RC_USER_ENV_WHITELIST and RC_USER_ENV_WHITELIST_D. this is to protect pam from variables being set under user control that could mess with other modules. Signed-off-by: Anna (navi) Figueiredo Gomes <navi@vlhl.dev>
author: Anna (navi) Figueiredo Gomes <navi@vlhl.dev> 2023-06-19 23:40:27 -0300
committer: Anna (navi) Figueiredo Gomes <navi@vlhl.dev> 2023-10-19 10:56:54 +0200
commit: a97960623375078954cf551237fcf26be617bcbe (patch)
tree: cbb994f3f07532a37561013318e336ce22ee9e3d /src/librc
parent: 0007a8e4f49e100a51b4db69769e60845c6f411b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/librc/rc.h.in b/src/librc/rc.h.in
index 8b1c705a..f6700801 100644
--- a/src/librc/rc.h.in
+++ b/src/librc/rc.h.in
@@ -61,6 +61,9 @@ extern "C" {
 /*! @name Reserved runlevel names */
 #define RC_LEVEL_USERNONE    "none"
 
+#define RC_USER_ENV_WHITELIST RC_SYS_USER_CONFDIR "/env_whitelist"
+#define RC_USER_ENV_WHITELIST_D RC_SYS_USER_CONFDIR "/env_whitelist.d"
+
 /*! Is openrc being ran in usermode?
  * @return true if yes, otherwise false */
 bool rc_is_user(void);
author	Anna (navi) Figueiredo Gomes <navi@vlhl.dev>	2023-06-19 23:40:27 -0300
committer	Anna (navi) Figueiredo Gomes <navi@vlhl.dev>	2023-10-19 10:56:54 +0200
commit	a97960623375078954cf551237fcf26be617bcbe (patch)
tree	cbb994f3f07532a37561013318e336ce22ee9e3d /src/librc
parent	0007a8e4f49e100a51b4db69769e60845c6f411b (diff)