run: Add --clear-env option for clearing the outside environment

2026-05-18 13:52:53 -04:00 · 2025-08-29 12:48:17 +02:00
parent 4c75a168e3
commit f760f1b539
4 changed files with 30 additions and 5 deletions
--- a/app/flatpak-builtins-run.c
+++ b/app/flatpak-builtins-run.c
@@ -61,6 +61,7 @@ static gboolean opt_parent_share_pids;
 static int opt_instance_id_fd = -1;
 static char *opt_app_path;
 static char *opt_usr_path;
+static gboolean opt_clear_env;

 static GOptionEntry options[] = {
  { "arch", 0, 0, G_OPTION_ARG_STRING, &opt_arch, N_("Arch to use"), N_("ARCH") },
@@ -89,6 +90,7 @@ static GOptionEntry options[] = {
  { "instance-id-fd", 0, 0, G_OPTION_ARG_INT, &opt_instance_id_fd, N_("Write the instance ID to the given file descriptor"), NULL },
  { "app-path", 0, 0, G_OPTION_ARG_FILENAME, &opt_app_path, N_("Use PATH instead of the app's /app"), N_("PATH") },
  { "usr-path", 0, 0, G_OPTION_ARG_FILENAME, &opt_usr_path, N_("Use PATH instead of the runtime's /usr"), N_("PATH") },
+  { "clear-env", 0, 0, G_OPTION_ARG_NONE, &opt_clear_env, N_("Clear all outside environment variables"), NULL },
  { NULL }
 };

@@ -308,6 +310,8 @@ flatpak_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
    flags |= FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;
  if (!opt_session_bus)
    flags |= FLATPAK_RUN_FLAG_NO_SESSION_BUS_PROXY;
+  if (!opt_clear_env)
+    flags |= FLATPAK_RUN_FLAG_CLEAR_ENV;

  if (!flatpak_run_app (app_deploy ? app_ref : runtime_ref,
                        app_deploy,
--- a/common/flatpak-common-types-private.h
+++ b/common/flatpak-common-types-private.h
@@ -44,11 +44,12 @@ typedef enum {
  FLATPAK_RUN_FLAG_SANDBOX            = (1 << 14),
  FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL = (1 << 15),
  FLATPAK_RUN_FLAG_BLUETOOTH          = (1 << 16),
-  FLATPAK_RUN_FLAG_CANBUS            = (1 << 17),
+  FLATPAK_RUN_FLAG_CANBUS             = (1 << 17),
  FLATPAK_RUN_FLAG_DO_NOT_REAP        = (1 << 18),
  FLATPAK_RUN_FLAG_NO_PROC            = (1 << 19),
  FLATPAK_RUN_FLAG_PARENT_EXPOSE_PIDS = (1 << 20),
  FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS  = (1 << 21),
+  FLATPAK_RUN_FLAG_CLEAR_ENV          = (1 << 22),
 } FlatpakRunFlags;

 typedef struct FlatpakDir          FlatpakDir;
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -728,6 +728,15 @@ apply_exports (char            **envp,
  return envp;
 }

+static void
+flatpak_run_apply_env_clear (FlatpakBwrap *bwrap, gboolean clear_env)
+{
+  if (!clear_env)
+    return;
+
+  flatpak_bwrap_add_args (bwrap, "--clearenv", NULL);
+}
+
 void
 flatpak_run_apply_env_default (FlatpakBwrap *bwrap, gboolean use_ld_so_cache)
 {
@@ -3268,6 +3277,7 @@ flatpak_run_app (FlatpakDecomposed   *app_ref,
      app_files = g_object_ref (original_app_files);
    }

+  flatpak_run_apply_env_clear (bwrap, !!(flags & FLATPAK_RUN_FLAG_CLEAR_ENV));
  flatpak_run_apply_env_default (bwrap, use_ld_so_cache);
  flatpak_run_apply_env_vars (bwrap, app_context);
  flatpak_run_apply_env_prompt (bwrap, app_id);
--- a/doc/flatpak-run.xml
+++ b/doc/flatpak-run.xml
@@ -80,10 +80,10 @@
        </para>
        <para>
            Environment variables are generally passed on to the sandboxed application, with
-            certain exceptions. The application metadata can override environment variables,
-            as well as the <option>--env</option> option. Apart from that, Flatpak always
-            unsets or overrides the following variables, since their session values
-            are likely to interfere with the functioning of the sandbox:
+            certain exceptions, if <option>--clear-env</option> is not specified. The application
+            metadata can override environment variables, as well as the <option>--env</option>
+            option. Apart from that, Flatpak always unsets or overrides the following variables,
+            since their session values are likely to interfere with the functioning of the sandbox:
        </para>
        <simplelist>
            <member>PATH</member>
@@ -585,6 +585,16 @@ key=v1;v2;
                </para></listitem>
            </varlistentry>

+            <varlistentry>
+                <term><option>--clear-env</option></term>
+
+                <listitem><para>
+                    Do not pass environment variables from the outside to the
+                    sandboxed application. Explicitly set and unset environment
+                    variables still get applied.
+                </para></listitem>
+            </varlistentry>
+
            <varlistentry>
                <term><option>--own-name=NAME</option></term>