Run(): ignore containers.conf's environment configuration

The hardwired default for containers.conf now includes a TERM variable, and passing it through to commands that we "RUN" during a build can subtly cause the resulting image to be different from one that `docker build` would create, so stop using it there. When a runtime runs the image we eventually produce, it'll consult the configuration file, so the variable will still be set, even when it isn't set in the image. Signed-off-by: Nalin Dahyabhai <[email protected]>
containers · Oct 14, 2020 · 0be7588 · 0be7588
1 parent 64977ee
commit 0be7588
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 11 deletions.
diff --git a/run_linux.go b/run_linux.go
@@ -91,11 +91,8 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 		return err
 	}
 
-	defaultContainerConfig, err := config.Default()
-	if err != nil {
-		return errors.Wrapf(err, "failed to get container config")
-	}
-	b.configureEnvironment(g, options, defaultContainerConfig.Containers.Env)
+	// hardwire the environment to match docker build to avoid subtle and hard-to-debug differences due to containers.conf
+	b.configureEnvironment(g, options, []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"})
 
 	if b.CommonBuildOpts == nil {
 		return errors.Errorf("Invalid format on container you must recreate the container")

diff --git a/tests/containers_conf.bats b/tests/containers_conf.bats
@@ -2,12 +2,6 @@
 
 load helpers
 
-@test "containers.conf env test" {
-    export CONTAINERS_CONF=${TESTSDIR}/containers.conf
-    cid=$(buildah from --pull --signature-policy ${TESTSDIR}/policy.json docker.io/alpine)
-    run_buildah --log-level=error run $cid sh -c 'env | grep "foo=bar"'
-}
-
 @test "containers.conf selinux test" {
     if ! which selinuxenabled > /dev/null 2> /dev/null ; then
 	skip "No selinuxenabled executable"