Ensure the bundler and BUNDLE_GEMFILE env vars are not sent to cockpi…

…t-ws This was causing the ruby authentication process to look for our Gemfile and Gemfile.lock which caused a bunch of SELinux denials https://bugzilla.redhat.com/show_bug.cgi?id=1779988
ManageIQ · Dec 11, 2019 · 63b44ed · 63b44ed
1 parent 53207cb
commit 63b44ed
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/app/models/miq_cockpit_ws_worker/runner.rb b/app/models/miq_cockpit_ws_worker/runner.rb
@@ -148,7 +148,9 @@ def cockpit_ws_run
       "XDG_CONFIG_DIRS" => cockpit_ws.config_dir,
       "DRB_URI"         => @drb_uri
     }
-    stdin, stdout, stderr, wait_thr = Open3.popen3(env, *cockpit_ws.command(BINDING_ADDRESS))
+    Bundler.with_clean_env do
+      stdin, stdout, stderr, wait_thr = Open3.popen3(env, *cockpit_ws.command(BINDING_ADDRESS), :unsetenv_others => true)
+    end
     stdin.close
 
     _log.info("#{log_prefix} cockpit-ws process started - pid=#{@pid}")