From baa5affb5eade36abbd0f32f4ce7e972fa14e25a Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 18 Jan 2021 17:53:31 +0000
Subject: [PATCH] run: Pass environment variables via bwrap --setenv when
 running ldconfig

This means we can systematically pass the environment variables
through bwrap(1), even if it is setuid and thus is filtering out
security-sensitive environment variables. bwrap ends up being
run with an empty environment instead.

This did not regress in 6d1773d "run: Convert all environment variables
into bwrap arguments", because the LD_LIBRARY_PATH special case in
flatpak_run_add_environment_args() was already not used here; but it's
a bug fix along the same lines as fixing the regression.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 common/flatpak-run.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 7e657251..8236dbf6 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -3437,6 +3437,7 @@ regenerate_ld_cache (GPtrArray    *base_argv_array,
                           "--dev", "/dev",
                           "--bind", flatpak_file_get_path_cached (ld_so_dir), "/run/ld-so-cache-dir",
                           NULL);
+  flatpak_bwrap_envp_to_args (bwrap);
 
   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
     return -1;