systemctl: deprecate blanket import-environment

Importing the full environment is convenient, but it doesn't work too well in practice, because we get a metric ton of shell-specific crap that should never end up in the global environment block: $ systemctl --user show-environment ... SHELL=/bin/zsh AUTOJUMP_ERROR_PATH=/home/zbyszek/.local/share/autojump/errors.log AUTOJUMP_SOURCED=1 CONDA_SHLVL=0 CVS_RSH=ssh DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus DESKTOP_SESSION=gnome DISPLAY=:0 FPATH=/usr/share/Modules/init/zsh-functions:/usr/local/share/zsh/site-functions:/usr/share/zsh/site-functions:/usr/share/zsh/5.8/functions GDMSESSION=gnome GDM_LANG=en_US.UTF-8 GNOME_SETUP_DISPLAY=:1 GUESTFISH_INIT=$'\\e[1;34m' GUESTFISH_OUTPUT=$'\\e[0m' GUESTFISH_PS1=$'\\[\\e[1;32m\\]><fs>\\[\\e[0;31m\\] ' GUESTFISH_RESTORE=$'\\e[0m' HISTCONTROL=ignoredups HISTSIZE=1000 LOADEDMODULES= OLDPWD=/home/zbyszek PWD=/home/zbyszek QTDIR=/usr/lib64/qt-3.3 QTINC=/usr/lib64/qt-3.3/include QTLIB=/usr/lib64/qt-3.3/lib QT_IM_MODULE=ibus SDL_VIDEO_MINIMIZE_ON_FOCUS_LOSS=0 SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2612,unix/unix:/tmp/.ICE-unix/2612 SHLVL=0 STEAM_FRAME_FORCE_CLOSE=1 TERM=xterm-256color USERNAME=zbyszek WISECONFIGDIR=/usr/share/wise2/ ... Plenty of shell-specific and terminal-specific stuff that have no global significance. Let's start warning when this is used to push people towards importing only specific variables. Putative NEWS entry: * systemctl import-environment will now emit a warning when called without any arguments (i.e. to import the full environment block of the called program). This command will usually be invoked from a shell, which means that it'll inherit a bunch of variables which are specific to that shell, and usually to the tty the shell is connected to, and don't have any meaning in the global context of the system or user service manager. Instead, only specific variables should be imported into the manager environment block. Similarly, programs which update the manager environment block by directly calling the D-Bus API of the manager, should also push specific variables, and not the full inherited environment.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-01-05 11:24:03 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-01-08 20:01:40 +0100
commit: 32854f70447db074635d33abc9d94756072d63b4 (patch)
tree: 1baa566538782892bbadba0a19d3ef30dd21211d /man
parent: man: improve description of environment block creation (diff)
download: systemd-32854f70447db074635d33abc9d94756072d63b4.tar.xz
systemd-32854f70447db074635d33abc9d94756072d63b4.zip
2 files changed, 8 insertions, 2 deletions
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 47bb608459..27207fcf49 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -1118,7 +1118,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
         <varlistentry>
           <term>
             <command>import-environment</command>
-            <optional><replaceable>VARIABLE…</replaceable></optional>
+            <replaceable>VARIABLE…</replaceable>
           </term>
 
           <listitem>
@@ -1129,6 +1129,11 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
             arguments are passed, the entire environment block inherited by the <command>systemctl</command>
             process is imported. In this mode, any inherited invalid environment variables are quietly
             ignored.</para>
+
+            <para>Importing of the full inherited environment block (calling this command without any
+            arguments) is deprecated. A shell will set dozens of variables which only make sense locally and
+            are only meant for processes which are descendants of the shell. Such variables in the global
+            environment block are confusing to other processes.</para>
           </listitem>
         </varlistentry>
       </variablelist>
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index a9d863bfda..ed8ab6205c 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2854,7 +2854,8 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
     configuration, with just a few environment variables. The user manager inherits environment variables as
     any other system service, but in addition may receive additional environment variables from PAM, and,
     typically, additional imported variables when the user starts a graphical session. It is recommended to
-    keep the environment blocks in both the system and user managers managers lean.</para>
+    keep the environment blocks in both the system and user managers managers lean. Importing all variables
+    inherited by the graphical session or by one of the user shells is strongly discouraged.</para>
 
     <para>Hint: <command>systemd-run -P env</command> and <command>systemd-run --user -P env</command> print
     the effective system and user service environment blocks.</para>
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-01-05 11:24:03 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-01-08 20:01:40 +0100
commit	32854f70447db074635d33abc9d94756072d63b4 (patch)
tree	1baa566538782892bbadba0a19d3ef30dd21211d /man
parent	man: improve description of environment block creation (diff)
download	systemd-32854f70447db074635d33abc9d94756072d63b4.tar.xz systemd-32854f70447db074635d33abc9d94756072d63b4.zip