runc compatibility: startContainer hook should inherit process environment

[saku3]

Part of runc compatibilities

Description

In runc, for StartContainer hooks, if no env is explicitly specified, the hook inherits the container init process’s environment.

See also:

• https://github.com/opencontainers/runc/blob/main/libcontainer/standard_init_linux.go#L211
• https://github.com/opencontainers/runc/blob/main/tests/integration/hooks.bats#L44

Steps to Reproduce

Place the following script in the container’s rootfs.

cat >"rootfs/check-env.sh" <<-'EOF'
	#!/bin/sh -ue
	test $ONE = two
	test $FOO = bar
	echo $HOME 
EOF
chmod +x "rootfs/check-env.sh"

update config.json

  "args": [
    "/bin/true"
  ],
  "env": [
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "ONE=two", 
    "FOO=bar"
  ],
...
  "hooks": {
    "startContainer": [
      { "path": "/check-env.sh" }
    ]
  },

then run

In youki

$ youki run -b tutorial/ a
/check-env.sh: line 2: ONE: parameter not set
ERROR libcontainer::process::init::process: failed to run start container hooks err=NonZeroExitCode(2)
ERROR libcontainer::process::container_intermediate_process: failed to initialize container process: failed to run hooks
ERROR libcontainer::process::container_intermediate_process: failed sending error to main sender err=BaseChannelError(Nix(EBADF))

In runc (no error)

$  runc run -b tutorial/ a

Expected behavior

StartContainer hooks without explicit env should be executed with the same environment as the container init process (runc-compatible behavior), so the hook can see ONE, FOO, and HOME.

[Jgprog117]

I'd like to tackle this runc compatibility issue. I'll update the startContainer hook logic to inherit the process environment when no explicit env is specified.

[saku3]

@bells17
Are you interested in this issue?

[bells17]

@saku3 Yes, please let me take this on.