Apply --rmenv immediately to help to avoid the env var length check

Remove environment variables with --rmenv immediately. This fixes
removing long environment variables (LS_COLORS generated by vivid),
previously the length filter would trip before the command was
processed.

This changes user visible behavior slightly, for example --rmenv=LANG
now applies also to Firejail, while earlier it would only apply to
sandboxed program.

Partially fixes #3673, but not handling `rmenv` in profiles.

Also suggest --rmenv when there are problems with enviroment
variables.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>

1 files changed, 6 insertions, 2 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 06f81a987..0d67c2a64 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1004,17 +1004,21 @@ int main(int argc, char **argv, char **envp) {
                         fprintf(stderr, "Error: too long arguments\n");
                         exit(1);
                 }
+                // Also remove requested environment variables
+                // entirely to avoid tripping the length check below
+                if (strncmp(argv[i], "--rmenv=", 8) == 0)
+                        unsetenv(argv[i] + 8);
         }
 
         // sanity check for environment variables
         for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) {
                 if (strlen(*ptr) >= MAX_ENV_LEN) {
-                        fprintf(stderr, "Error: too long environment variables\n");
+                        fprintf(stderr, "Error: too long environment variables, please use --rmenv\n");
                         exit(1);
                 }
         }
         if (i >= MAX_ENVS) {
-                fprintf(stderr, "Error: too many environment variables\n");
+                fprintf(stderr, "Error: too many environment variables, please use --rmenv\n");
                 exit(1);
         }