execv fixes

5 files changed, 7 insertions, 9 deletions

diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index ab9714afe..512cc0b05 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -462,7 +462,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
         arg[1] = "-c";
         arg[2] = cmd;
         arg[3] = NULL;
-        assert(getenv("LD_PRELOAD") == NULL);   
+        clearenv();
         execvp(arg[0], arg);
         
         // it will never get here
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index d6fee0608..a3576e7c4 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -191,7 +191,7 @@ static void duplicate(char *fname) {
                                 char *f;
                                 if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
                                         errExit("asprintf");
-                                assert(getenv("LD_PRELOAD") == NULL);   
+                                clearenv();     
                                 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
                                 perror("execlp");
                                 _exit(1);
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 4f3417236..830de7c9f 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -105,7 +105,7 @@ static void duplicate(char *fname) {
                 char *f;
                 if (asprintf(&f, "/etc/%s", fname) == -1)
                         errExit("asprintf");
-                assert(getenv("LD_PRELOAD") == NULL);   
+                clearenv();     
                 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
                 perror("execlp");
                 _exit(1);
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index efef45d90..1df4b7a0f 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -143,8 +143,7 @@ void netfilter(const char *fname) {
                 dup2(fd,STDIN_FILENO);
 
                 // wipe out environment variables
-                environ = NULL;
-                assert(getenv("LD_PRELOAD") == NULL);   
+                clearenv();     
                 execl(iptables_restore, iptables_restore, NULL);
                 perror("execl");
                 _exit(1);
@@ -258,8 +257,7 @@ void netfilter6(const char *fname) {
                 dup2(fd,STDIN_FILENO);
 
                 // wipe out environment variables
-                environ = NULL;
-                assert(getenv("LD_PRELOAD") == NULL);   
+                clearenv();     
                 execl(ip6tables_restore, ip6tables_restore, NULL);
                 perror("execl");
                 _exit(1);
@@ -273,7 +271,7 @@ void netfilter6(const char *fname) {
                 if (child < 0)
                         errExit("fork");
                 if (child == 0) {
-                        environ = NULL;
+                        clearenv();     
                         execl(ip6tables, ip6tables, "-vL", NULL);
                         perror("execl");
                         _exit(1);
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index a5a067090..65ca5c443 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -165,7 +165,7 @@ int sbox_run(unsigned filter, int num, ...) {
                 else if (filter & SBOX_USER)
                         drop_privs(1);
 
-                assert(getenv("LD_PRELOAD") == NULL);   
+                clearenv();
                 if (arg[0])     // get rid of scan-build warning
                         execvp(arg[0], arg);
                 else