Add support for -env-host

This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-06-19 08:09:12 +08:00 · 2019-07-11 09:25:38 -04:00
parent 144567b42d
commit df75fc62c8
7 changed files with 70 additions and 8 deletions
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@ -221,6 +221,9 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"env", "e", []string{},
 		"Set environment variables in container",
 	)
+	createFlags.Bool(
+		"env-host", false, "Use all current host environment variables in container",
+	)
 	createFlags.StringSlice(
 		"env-file", []string{},
 		"Read in a file of environment variables",
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@ -483,6 +483,16 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.

 	// ENVIRONMENT VARIABLES
 	env := EnvVariablesFromData(data)
+	if c.Bool("env-host") {
+		for _, e := range os.Environ() {
+			pair := strings.SplitN(e, "=", 2)
+			if _, ok := env[pair[0]]; !ok {
+				if len(pair) > 1 {
+					env[pair[0]] = pair[1]
+				}
+			}
+		}
+	}
 	if err := parse.ReadKVStrings(env, c.StringSlice("env-file"), c.StringArray("env")); err != nil {
 		return nil, errors.Wrapf(err, "unable to process environment variables")
 	}
--- a/cmd/podman/shared/intermediate.go
+++ b/cmd/podman/shared/intermediate.go
@ -393,6 +393,7 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes
 	m["dns-search"] = newCRStringSlice(c, "dns-search")
 	m["entrypoint"] = newCRString(c, "entrypoint")
 	m["env"] = newCRStringArray(c, "env")
+	m["env-host"] = newCRBool(c, "env-host")
 	m["env-file"] = newCRStringSlice(c, "env-file")
 	m["expose"] = newCRStringSlice(c, "expose")
 	m["gidmap"] = newCRStringSlice(c, "gidmap")
--- a/completions/bash/podman
+++ b/completions/bash/podman
@ -1740,6 +1740,7 @@ _podman_container_run() {
 		--dns-search
 		--entrypoint
 		--env -e
+		--env-host
 		--env-file
 		--expose
 		--gidmap
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@ -245,13 +245,15 @@ You need to specify multi option commands in the form of a json string.

 Set environment variables

-This option allows you to specify arbitrary
-environment variables that are available for the process that will be launched
-inside of the container.
+This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container. If you specify a environment variable without a value, podman will check the host environment for a value or set the environment to "".  See **Environment** note below for precedence.
+
+**--env-host**=*true|false*
+
+Use host environment inside of the container. See **Environment** note below for precedence.

 **--env-file**=*file*

-Read in a line delimited file of environment variables
+Read in a line delimited file of environment variables. See **Environment** note below for precedence.

 **--expose**=*port*

@ -901,6 +903,19 @@ The fuse-overlay package provides a userspace overlay storage driver, otherwise
 the vfs storage driver, which is diskspace expensive and does not perform well. slirp4netns is
 required for VPN, without it containers need to be run with the --net=host flag.

+## ENVIRONMENT
+
+Environment variables within containers can be set using multiple different options:  This section describes the presidence.
+
+Presidence Order:
+	   **--env-host** : Host environment of the process executing podman is added.
+
+	   Container image : Any enviroment variables specified in the contianer image.
+
+	   **--env-file** : Any environment variables specfied via env-files.  If multiple files specified, then they override each other in order of entry.
+
+	   **--env** : Any environment variables specified will overide previous settings.
+
 ## FILES

 **/etc/subuid**
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@ -252,13 +252,15 @@ You need to specify multi option commands in the form of a json string.

 Set environment variables

-This option allows you to specify arbitrary
-environment variables that are available for the process that will be launched
-inside of the container.
+This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container. If you specify a environment variable without a value, podman will check the host environment for a value or set the environment to "".  See **Environment** note below for precedence.
+
+**--env-host**=*true|false*
+
+Use host environment inside of the container. See **Environment** note below for precedence.

 **--env-file**=*file*

-Read in a line delimited file of environment variables
+Read in a line delimited file of environment variables. See **Environment** note below for precedence.

 **--expose**=*port*

@ -1185,6 +1187,20 @@ The fuse-overlay package provides a userspace overlay storage driver, otherwise
 the vfs storage driver, which is diskspace expensive and does not perform well. slirp4netns is
 required for VPN, without it containers need to be run with the --net=host flag.

+## ENVIRONMENT
+
+Environment variables within containers can be set using multiple different options:  This section describes the presidence.
+
+Presidence Order:
+
+	   **--env-host** : Host environment of the process executing podman is added.
+
+	   Container image : Any enviroment variables specified in the contianer image.
+
+	   **--env-file** : Any environment variables specfied via env-files.  If multiple files specified, then they override each other in order of entry.
+
+	   **--env** : Any environment variables specified will overide previous settings.
+
 ## FILES

 **/etc/subuid**
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -224,6 +224,22 @@ var _ = Describe("Podman run", func() {
 		Expect(match).Should(BeTrue())
 	})

+	It("podman run --host-env environment test", func() {
+		os.Setenv("FOO", "BAR")
+		session := podmanTest.Podman([]string{"run", "--rm", "--env-host", ALPINE, "printenv", "FOO"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		match, _ := session.GrepString("BAR")
+		Expect(match).Should(BeTrue())
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO=BAR1", "--env-host", ALPINE, "printenv", "FOO"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		match, _ = session.GrepString("BAR1")
+		Expect(match).Should(BeTrue())
+		os.Unsetenv("FOO")
+	})
+
 	It("podman run limits test", func() {
 		SkipIfRootless()
 		session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"})