From 129ab559ee5d55ed71956066d97ade4921e5efe4 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Wed, 4 Oct 2017 15:34:33 +0200
Subject: [PATCH] Strip some more common environment variables from the host

We strip PYTHONPATH, PERLLIB, PERL5LIB and XCURSOR_PATH from the
environment in the sandbox, because these kind of path variables
can badly affect the sandbox (e.g. pulling in host-side code).

Closes: #1078
Approved by: alexlarsson
---
 common/flatpak-run.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index a09fc671..3a24622d 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -3320,6 +3320,13 @@ static const ExportData default_exports[] = {
   {"XDG_DATA_DIRS", "/app/share:/usr/share"},
   {"SHELL", "/bin/sh"},
   {"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
+
+  /* Some env vars are common enough and will affect the sandbox badly
+     if set on the host. We clear these always. */
+  {"PYTHONPATH", NULL},
+  {"PERLLIB", NULL},
+  {"PERL5LIB", NULL},
+  {"XCURSOR_PATH", NULL},
 };
 
 static const ExportData no_ld_so_cache_exports[] = {