1 files changed, 11 insertions, 0 deletions

diff --git a/users/Profpatsch/lib.nix b/users/Profpatsch/lib.nix
index 05d931b841e5..9dd3cd481d7e 100644
--- a/users/Profpatsch/lib.nix
+++ b/users/Profpatsch/lib.nix
@@ -25,11 +25,22 @@ let
     "fdmove" "-c" "1" "2" bins.printenv "$1" "$@"
   ];
 
+  # remove everything but a few selected environment variables
+  runInEmptyEnv = keepVars:
+    let
+        importas = pkgs.lib.concatMap (var: [ "importas" "-i" var var ]) keepVars;
+        # we have to explicitely call export here, because PATH is probably empty
+        export = pkgs.lib.concatMap (var: [ "${pkgs.execline}/bin/export" var ''''${${var}}'' ]) keepVars;
+    in depot.nix.writeExecline "empty-env" {}
+         (importas ++ [ "emptyenv" ] ++ export ++ [ "${pkgs.execline}/bin/exec" "$@" ]);
+
+
 in {
   inherit
     debugExec
     eprintf
     eprint-stdin
     eprintenv
+    runInEmptyEnv
     ;
 }