From a97960623375078954cf551237fcf26be617bcbe Mon Sep 17 00:00:00 2001
From: "Anna (navi) Figueiredo Gomes"
Date: Mon, 19 Jun 2023 23:40:27 -0300
Subject: openrc-pam: add loading user environment. openrc-pam now sets XDG_RUNTIME_DIR in case it's unset. after running openrc --user, it'll look at ${XDG_RUNTIME_DIR}/openrc/env for exported variables by services, and only set those allowed by RC_USER_ENV_WHITELIST and RC_USER_ENV_WHITELIST_D. this is to protect pam from variables being set under user control that could mess with other modules.
Signed-off-by: Anna (navi) Figueiredo Gomes
---
 src/librc/rc.h.in | 3 +++
 1 file changed, 3 insertions(+) (limited to 'src/librc')
diff --git a/src/librc/rc.h.in b/src/librc/rc.h.in
index 8b1c705a..f6700801 100644
--- a/src/librc/rc.h.in
+++ b/src/librc/rc.h.in
@@ -61,6 +61,9 @@ extern "C" {
 /*! @name Reserved runlevel names */
 #define RC_LEVEL_USERNONE "none"
+#define RC_USER_ENV_WHITELIST RC_SYS_USER_CONFDIR "/env_whitelist"
+#define RC_USER_ENV_WHITELIST_D RC_SYS_USER_CONFDIR "/env_whitelist.d"
+
 /*! Is openrc being ran in usermode?
 * @return true if yes, otherwise false */
 bool rc_is_user(void);
-- 
cgit v1.2.3
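Review bot: The two new macros land directly under the `/*! @name Reserved runlevel names */` group, right after `RC_LEVEL_USERNONE`, although they are file paths rather than runlevel names, and they carry no comment of their own. Per the commit message these files decide which variables from the user-writable `${XDG_RUNTIME_DIR}/openrc/env` openrc-pam will set, so the header should state that role, for example `/*! @name User environment allow-list: files listing the variables openrc-pam may import from a user session */`. `RC_SYS_USER_CONFDIR` is defined outside this hunk, so it is worth confirming (and noting in that comment) that it always expands to a system-owned directory and never to a per-user path, since a user-writable allow-list would defeat the filter. The enclosing `extern "C"` block starts and ends outside the hunk.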