Dump variables to /etc/environment

Dockerfile.m4

@@ -396,7 +396,7 @@ ENV UNPRIVILEGED_USER_PASSWORD=password
 ENV UNPRIVILEGED_USER_GROUPS=
 ENV UNPRIVILEGED_USER_SHELL=/bin/bash
 ENV XRDP_TLS_KEY_PATH=/etc/xrdp/key.pem
-ENV XRDP_TLS_CERT_PATH=/etc/xrdp/cert.pem
+ENV XRDP_TLS_CRT_PATH=/etc/xrdp/cert.pem
 ENV ENABLE_XDUMMY=false
 ENV VGL_DISPLAY=:0
 ## Workaround for AMDGPU X_GLXCreatePbuffer issue:
@@ -425,16 +425,19 @@ RUN mkdir /run/dbus/ && chown messagebus:messagebus /run/dbus/
 RUN dbus-uuidgen > /etc/machine-id
 RUN ln -sf /etc/machine-id /var/lib/dbus/machine-id
 
-# Remove default keys and certificates
-RUN rm -f /etc/ssh/ssh_host_*
-RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CERT_PATH:?}"
-
 # Create socket directory for X server
 RUN mkdir /tmp/.X11-unix/ && chmod 1777 /tmp/.X11-unix/
 
+# Make sesman read environment variables
+RUN printf '%s\n' 'session required pam_env.so readenv=1' >> /etc/pam.d/xrdp-sesman
+
 # Configure server for use with VirtualGL
 RUN vglserver_config -config +s +f -t
 
+# Remove default keys and certificates
+RUN rm -f /etc/ssh/ssh_host_*
+RUN rm -f "${XRDP_TLS_KEY_PATH:?}" "${XRDP_TLS_CRT_PATH:?}"
+
 # Forward logs to Docker log collector
 RUN ln -sf /dev/stdout /var/log/xdummy.log
 RUN ln -sf /dev/stdout /var/log/xrdp.log

scripts/bin/container-init

@@ -43,10 +43,6 @@ if [ -n "${UNPRIVILEGED_USER_PASSWORD?}" ]; then
 else
 	passwd -d "${UNPRIVILEGED_USER_NAME:?}"
 fi
-unset UNPRIVILEGED_USER_PASSWORD
-
-# Dump environment variables
-export-env > /etc/profile.d/env.sh
 
 # Enable xdummy service if ENABLE_XDUMMY is true
 if [ "${ENABLE_XDUMMY:?}" = 'true' ]; then
@@ -68,9 +64,9 @@ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
 fi
 
 # Generate RDP certificate if it does not exist
-if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CERT_PATH:?}" ]; then
+if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
 	KEY_FILE=${XRDP_TLS_KEY_PATH:?}
-	CRT_FILE=${XRDP_TLS_CERT_PATH:?}
+	CRT_FILE=${XRDP_TLS_CRT_PATH:?}
 	CSR_FILE=$(mktemp -u)
 
 	(umask 077 \
@@ -84,5 +80,8 @@ if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CERT_PATH:?}" ]; then
 	) >/dev/null
 fi
 
+# Dump environment variables
+env | grep -Ev '^(PWD|HOME|USER|USERNAME|SHELL|TERM|SHLVL)=' | sort > /etc/environment
+
 # Start runit
 exec tini -- runsvdir -P /etc/service/

scripts/bin/export-env

@@ -1,9 +0,0 @@
-#!/usr/bin/awk -f
-
-BEGIN {for (v in ENVIRON) {
-	if (v !~ /^(_|AWKPATH|AWKLIBPATH|TERM|SHLVL|PWD|HOME|SHELL|HOSTNAME|UID|USER|GID|GROUP)$/) {
-		gsub(/[^0-9A-Za-z_]/, "_", v);
-		gsub(/'/, "'\\''", ENVIRON[v]);
-		print("export "v"='"ENVIRON[v]"'");
-	}
-}}