diff options
| -rw-r--r-- | users/Profpatsch/lib.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/users/Profpatsch/lib.nix b/users/Profpatsch/lib.nix index 05d931b841..9dd3cd481d 100644 --- a/users/Profpatsch/lib.nix +++ b/users/Profpatsch/lib.nix @@ -25,11 +25,22 @@ let "fdmove" "-c" "1" "2" bins.printenv "$1" "$@" ]; + # remove everything but a few selected environment variables + runInEmptyEnv = keepVars: + let + importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars; + # we have to explicitely call export here, because PATH is probably empty + export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars; + in depot.nix.writeExecline "empty-env" {} + (importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]); + + in { inherit debugExec eprintf eprint-stdin eprintenv + runInEmptyEnv ; } |