Avoid exporting variables with secrets

2021-06-01 20:58:07 +02:00
parent e29c3797c8
commit 7c6cdc6f3f
1 changed files with 1 additions and 1 deletions
--- a/scripts/bin/container-init
+++ b/scripts/bin/container-init
@@ -108,7 +108,7 @@ openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha1
 openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha256
 # Dump environment variables
-env | grep -Ev '^(PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL)=' | sort > /etc/environment
+env | grep -Ev '^(PWD|OLDPWD|HOME|USER|SHELL|TERM|([^=]*(PASSWORD|SECRET)[^=]*))=' | sort > /etc/environment
 # Start runit
 exec tini -- runsvdir -P /etc/service/