Importing latest baselayout/trunk changes. Merging revision 1773.

svn path=/baselayout-vserver/trunk/; revision=160

2 files changed, 451 insertions, 401 deletions

diff --git a/src/core/src/depscan.c b/src/core/src/depscan.c
index 8cc9da8..d5a18a3 100644
--- a/src/core/src/depscan.c
+++ b/src/core/src/depscan.c
@@ -35,264 +35,287 @@
 #include <unistd.h>
 
 #include "librcscripts/rcscripts.h"
-#include "librcscripts/debug.h"
-#include "librcscripts/depend.h"
-#include "librcscripts/misc.h"
-#include "librcscripts/parse.h"
-
-char* svcdir_subdirs[] = {
-	"softscripts",
-	"snapshot",
-	"options",
-	"started",
-	"starting",
-	"inactive",
-	"stopping",
-	NULL
+
+char *svcdir_subdirs[] = {
+  "softscripts",
+  "snapshot",
+  "options",
+  "started",
+  "starting",
+  "inactive",
+  "stopping",
+  NULL
 };
 
 char *svcdir_volatile_subdirs[] = {
-	"snapshot",
-	"broken",
-	NULL
+  "snapshot",
+  "broken",
+  NULL
 };
 
-int create_directory(const char *name);
-int create_var_dirs(const char *svcdir);
-int delete_var_dirs(const char *svcdir);
-
-int create_directory(const char *name) {
-	if ((NULL == name) || (0 == strlen(name))) {
-		DBG_MSG("Invalid argument passed!\n");
-		errno = EINVAL;
-		return -1;
+int create_directory (const char *name);
+int create_var_dirs (const char *svcdir);
+int delete_var_dirs (const char *svcdir);
+
+int
+create_directory (const char *name)
+{
+  if (!check_arg_str (name))
+    return -1;
+
+  /* Check if directory exist, and is not a symlink */
+  if (!is_dir (name, 0))
+    {
+      if (exists (name))
+	{
+	  /* Remove it if not a directory */
+	  if (-1 == unlink (name))
+	    {
+	      DBG_MSG ("Failed to remove '%s'!\n", name);
+	      return -1;
+	    }
 	}
-
-	/* Check if directory exist, and is not a symlink */
-	if (!is_dir(name, 0)) {
-		if (exists(name)) {
-			/* Remove it if not a directory */
-			if (-1 == unlink(name)) {
-				DBG_MSG("Failed to remove '%s'!\n", name);
-				return -1;
-			}
-		}
-		/* Now try to create the directory */
-		if (-1 == mktree(name, 0755)) {
-			DBG_MSG("Failed to create '%s'!\n", name);
-			return -1;
-		}
+      /* Now try to create the directory */
+      if (-1 == mktree (name, 0755))
+	{
+	  DBG_MSG ("Failed to create '%s'!\n", name);
+	  return -1;
 	}
+    }
 
-	return 0;
+  return 0;
 }
 
-int create_var_dirs(const char *svcdir) {
-	char *tmp_path = NULL;
-	int i = 0;
-	
-	if ((NULL == svcdir) || (0 == strlen(svcdir))) {
-		DBG_MSG("Invalid argument passed!\n");
-		errno = EINVAL;
-		return -1;
+int
+create_var_dirs (const char *svcdir)
+{
+  char *tmp_path = NULL;
+  int i = 0;
+
+  if (!check_arg_str (svcdir))
+    return -1;
+
+  /* Check and create svcdir if needed */
+  if (-1 == create_directory (svcdir))
+    {
+      DBG_MSG ("Failed to create '%s'!\n", svcdir);
+      return -1;
+    }
+
+  while (NULL != svcdir_subdirs[i])
+    {
+      tmp_path = strcatpaths (svcdir, svcdir_subdirs[i]);
+      if (NULL == tmp_path)
+	{
+	  DBG_MSG ("Failed to allocate buffer!\n");
+	  return -1;
 	}
 
-	/* Check and create svcdir if needed */
-	if (-1 == create_directory(svcdir)) {
-		DBG_MSG("Failed to create '%s'!\n", svcdir);
-		return -1;
+      /* Check and create all the subdirs if needed */
+      if (-1 == create_directory (tmp_path))
+	{
+	  DBG_MSG ("Failed to create '%s'!\n", tmp_path);
+	  free (tmp_path);
+	  return -1;
 	}
 
-	while (NULL != svcdir_subdirs[i]) {
-		tmp_path = strcatpaths(svcdir, svcdir_subdirs[i]);
-		if (NULL == tmp_path) {
-			DBG_MSG("Failed to allocate buffer!\n");
-			return -1;
-		}
-		
-		/* Check and create all the subdirs if needed */
-		if (-1 == create_directory(tmp_path)) {
-			DBG_MSG("Failed to create '%s'!\n", tmp_path);
-			free(tmp_path);
-			return -1;
-		}
-		
-		free(tmp_path);
-		i++;
-	}
+      free (tmp_path);
+      i++;
+    }
 
-	return 0;
+  return 0;
 }
 
-int delete_var_dirs(const char *svcdir) {
-	char *tmp_path = NULL;
-	int i = 0;
-	
-	if ((NULL == svcdir) || (0 == strlen(svcdir))) {
-		DBG_MSG("Invalid argument passed!\n");
-		errno = EINVAL;
-		return -1;
+int
+delete_var_dirs (const char *svcdir)
+{
+  char *tmp_path = NULL;
+  int i = 0;
+
+  if (!check_arg_str (svcdir))
+    return -1;
+
+  /* Just quit if svcdir do not exist */
+  if (!exists (svcdir))
+    {
+      DBG_MSG ("'%s' does not exist!\n", svcdir);
+      return 0;
+    }
+
+  while (NULL != svcdir_volatile_subdirs[i])
+    {
+      tmp_path = strcatpaths (svcdir, svcdir_volatile_subdirs[i]);
+      if (NULL == tmp_path)
+	{
+	  DBG_MSG ("Failed to allocate buffer!\n");
+	  return -1;
 	}
 
-	/* Just quit if svcdir do not exist */
-	if (!exists(svcdir)) {
-		DBG_MSG("'%s' does not exist!\n", svcdir);
-		return 0;
+      /* Skip the directory if it does not exist */
+      if (!exists (tmp_path))
+	goto _continue;
+
+      /* Check and delete all files and sub directories if needed */
+      if (-1 == rmtree (tmp_path))
+	{
+	  DBG_MSG ("Failed to delete '%s'!\n", tmp_path);
+	  free (tmp_path);
+	  return -1;
 	}
 
-	while (NULL != svcdir_volatile_subdirs[i]) {
-		tmp_path = strcatpaths(svcdir, svcdir_volatile_subdirs[i]);
-		if (NULL == tmp_path) {
-			DBG_MSG("Failed to allocate buffer!\n");
-			return -1;
-		}
-
-		/* Skip the directory if it does not exist */
-		if (!exists(tmp_path))
-			goto _continue;
-		
-		/* Check and delete all files and sub directories if needed */
-		if (-1 == rmtree(tmp_path)) {
-			DBG_MSG("Failed to delete '%s'!\n", tmp_path);
-			free(tmp_path);
-			return -1;
-		}
-		
 _continue:
-		free(tmp_path);
-		i++;
-	}
+      free (tmp_path);
+      i++;
+    }
 
-	return 0;
+  return 0;
 }
 
 #if defined(LEGACY_DEPSCAN)
 
-int main() {
-	FILE *cachefile_fd = NULL;
-	char *data = NULL;
-	char *svcdir = NULL;
-	char *cachefile = NULL;
-	char *tmp_cachefile = NULL;
-	int tmp_cachefile_fd = 0;
-	int datasize = 0;
-
-	/* Make sure we do not run into locale issues */
+int
+main (void)
+{
+  dyn_buf_t *data;
+  FILE *cachefile_fd = NULL;
+  char *svcdir = NULL;
+  char *cachefile = NULL;
+  char *tmp_cachefile = NULL;
+  int tmp_cachefile_fd = 0;
+  int datasize = 0;
+
+  /* Make sure we do not run into locale issues */
 #ifndef __KLIBC__
-	setlocale (LC_ALL, "C");
+  setlocale (LC_ALL, "C");
 #endif
 
-	if (0 != getuid()) {
-		EERROR("Must be root!\n");
-		exit(EXIT_FAILURE);
+  if (0 != getuid ())
+    {
+      EERROR ("Must be root!\n");
+      exit (EXIT_FAILURE);
+    }
+
+  svcdir = get_cnf_entry (RC_CONFD_FILE_NAME, SVCDIR_CONFIG_ENTRY);
+  if (NULL == svcdir)
+    {
+      EERROR ("Failed to get config entry '%s'!\n", SVCDIR_CONFIG_ENTRY);
+      exit (EXIT_FAILURE);
+    }
+
+  /* Delete (if needed) volatile directories in svcdir */
+  if (-1 == delete_var_dirs (svcdir))
+    {
+      /* XXX: Not 100% accurate below message ... */
+      EERROR ("Failed to delete '%s', %s", svcdir,
+	      "or one of its sub directories!\n");
+      exit (EXIT_FAILURE);
+    }
+
+  /* Create all needed directories in svcdir */
+  if (-1 == create_var_dirs (svcdir))
+    {
+      EERROR ("Failed to create '%s', %s", svcdir,
+	      "or one of its sub directories!\n");
+      exit (EXIT_FAILURE);
+    }
+
+  cachefile = strcatpaths (svcdir, LEGACY_CACHE_FILE_NAME);
+  if (NULL == cachefile)
+    {
+      DBG_MSG ("Failed to allocate buffer!\n");
+      exit (EXIT_FAILURE);
+    }
+
+  tmp_cachefile = strcatpaths (cachefile, "XXXXXX");
+  if (NULL == tmp_cachefile)
+    {
+      DBG_MSG ("Failed to allocate buffer!\n");
+      exit (EXIT_FAILURE);
+    }
+  /* Replace the "/XXXXXX" with ".XXXXXX"
+   * Yes, I am lazy. */
+  tmp_cachefile[strlen (tmp_cachefile) - strlen (".XXXXXX")] = '.';
+
+  if (-1 == get_rcscripts ())
+    {
+      EERROR ("Failed to get rc-scripts list!\n");
+      exit (EXIT_FAILURE);
+    }
+
+  if (-1 == check_rcscripts_mtime (cachefile))
+    {
+      EINFO ("Caching service dependencies ...\n");
+      DBG_MSG ("Regenerating cache file '%s'.\n", cachefile);
+
+      data = new_dyn_buf ();
+
+      datasize = generate_stage2 (data);
+      if (-1 == datasize)
+	{
+	  EERROR ("Failed to generate stage2!\n");
+	  exit (EXIT_FAILURE);
 	}
 
-	svcdir = get_cnf_entry(RC_CONFD_FILE_NAME, SVCDIR_CONFIG_ENTRY);
-	if (NULL == svcdir) {
-		EERROR("Failed to get config entry '%s'!\n",
-				SVCDIR_CONFIG_ENTRY);
-		exit(EXIT_FAILURE);
-	}
+#if 0
+      tmp_cachefile_fd = open ("foo", O_CREAT | O_TRUNC | O_RDWR, 0600);
+      write (tmp_cachefile_fd, data->data, datasize);
+      close (tmp_cachefile_fd);
+#endif
 
-	/* Delete (if needed) volatile directories in svcdir */
-	if (-1 == delete_var_dirs(svcdir)) {
-		/* XXX: Not 100% accurate below message ... */
-		EERROR("Failed to delete '%s', %s", svcdir,
-				"or one of its sub directories!\n");
-		exit(EXIT_FAILURE);
+      if (-1 == parse_cache (data))
+	{
+	  EERROR ("Failed to parse stage2 output!\n");
+	  free_dyn_buf (data);
+	  exit (EXIT_FAILURE);
 	}
 
-	/* Create all needed directories in svcdir */
-	if (-1 == create_var_dirs(svcdir)) {
-		EERROR("Failed to create '%s', %s", svcdir,
-				"or one of its sub directories!\n");
-		exit(EXIT_FAILURE);
-	}
+      free_dyn_buf (data);
 
-	cachefile = strcatpaths(svcdir, LEGACY_CACHE_FILE_NAME);
-	if (NULL == cachefile) {
-		DBG_MSG("Failed to allocate buffer!\n");
-		exit(EXIT_FAILURE);
-	}
-	
-	tmp_cachefile = strcatpaths(cachefile, "XXXXXX");
-	if (NULL == tmp_cachefile) {
-		DBG_MSG("Failed to allocate buffer!\n");
-		exit(EXIT_FAILURE);
+      if (-1 == service_resolve_dependencies ())
+	{
+	  EERROR ("Failed to resolve dependencies!\n");
+	  exit (EXIT_FAILURE);
 	}
-	/* Replace the "/XXXXXX" with ".XXXXXX"
-	 * Yes, I am lazy. */
-	tmp_cachefile[strlen(tmp_cachefile) - strlen(".XXXXXX")] = '.';
 
-	if (-1 == get_rcscripts()) {
-		EERROR("Failed to get rc-scripts list!\n");
-		exit(EXIT_FAILURE);
-	}
-
-	if (-1 == check_rcscripts_mtime(cachefile)) {
-		EINFO("Caching service dependencies ...\n");
-		DBG_MSG("Regenerating cache file '%s'.\n", cachefile);
-
-		datasize = generate_stage2(&data);
-		if (-1 == datasize) {
-			EERROR("Failed to generate stage2!\n");
-			exit(EXIT_FAILURE);
-		}
-		
-		if (-1 == parse_cache(data, datasize)) {
-			EERROR("Failed to parse stage2 output!\n");
-			free(data);
-			exit(EXIT_FAILURE);
-		}
-
-#if 0
-		tmp_cachefile_fd = open("foo", O_CREAT | O_TRUNC | O_RDWR, 0600);
-		write(tmp_cachefile_fd, data, datasize);
-		close(tmp_cachefile_fd);
+#ifndef __KLIBC__
+      tmp_cachefile_fd = mkstemp (tmp_cachefile);
+#else
+      /* FIXME: Need to add a mkstemp implementation for klibc */
+      tmp_cachefile_fd =
+       open (tmp_cachefile, O_CREAT | O_TRUNC | O_RDWR, 0600);
 #endif
+      if (-1 == tmp_cachefile_fd)
+	{
+	  EERROR ("Could not open temporary file for writing!\n");
+	  exit (EXIT_FAILURE);
+	}
+      
+      cachefile_fd = fdopen (tmp_cachefile_fd, "w");
+      if (NULL == cachefile_fd)
+	{
+	  EERROR ("Could not open temporary file for writing!\n");
+	  exit (EXIT_FAILURE);
+	}
 
-		free(data);
+      write_legacy_stage3 (cachefile_fd);
+      fclose (cachefile_fd);
 
-		if (-1 == service_resolve_dependencies()) {
-			EERROR("Failed to resolve dependencies!\n");
-			exit(EXIT_FAILURE);
-		}
+      if ((-1 == unlink (cachefile)) && (exists (cachefile)))
+	{
+	  EERROR ("Could not remove '%s'!\n", cachefile);
+	  unlink (tmp_cachefile);
+	  exit (EXIT_FAILURE);
+	}
 
-#ifndef __KLIBC__
-		tmp_cachefile_fd = mkstemp(tmp_cachefile);
-#else
-		/* FIXME: Need to add a mkstemp implementation for klibc */
-		tmp_cachefile_fd = open(tmp_cachefile, O_CREAT | O_TRUNC | O_RDWR, 0600);
-#endif
-		if (-1 == tmp_cachefile_fd) {
-			EERROR("Could not open temporary file for writing!\n");
-			exit(EXIT_FAILURE);
-		}
-		cachefile_fd = fdopen(tmp_cachefile_fd, "w");
-		if (NULL == cachefile_fd) {
-			EERROR("Could not open temporary file for writing!\n");
-			exit(EXIT_FAILURE);
-		}
-		
-		write_legacy_stage3(cachefile_fd);
-		fclose(cachefile_fd);
-
-		if ((-1 == unlink(cachefile)) && (exists(cachefile))) {
-			EERROR("Could not remove '%s'!\n", cachefile);
-			unlink(tmp_cachefile);
-			exit(EXIT_FAILURE);
-		}
-
-		if (-1 == rename(tmp_cachefile, cachefile)) {
-			EERROR("Could not move temporary file to '%s'!\n",
-					cachefile);
-			unlink(tmp_cachefile);
-			exit(EXIT_FAILURE);
-		}
+      if (-1 == rename (tmp_cachefile, cachefile))
+	{
+	  EERROR ("Could not move temporary file to '%s'!\n", cachefile);
+	  unlink (tmp_cachefile);
+	  exit (EXIT_FAILURE);
 	}
+    }
 
-	exit(EXIT_SUCCESS);
+  exit (EXIT_SUCCESS);
 }
 
 #endif
-
diff --git a/src/core/src/runscript.c b/src/core/src/runscript.c
index dc3ba51..bccd61e 100644
--- a/src/core/src/runscript.c
+++ b/src/core/src/runscript.c
@@ -17,221 +17,248 @@
 #include <dlfcn.h>
 
 #include "librcscripts/rcscripts.h"
-#include "librcscripts/debug.h"
-#include "librcscripts/misc.h"
 
-#define IS_SBIN_RC()	((caller) && (0 == strcmp(caller, SBIN_RC)))
+#define IS_SBIN_RC()	((caller) && (0 == strcmp (caller, SBIN_RC)))
 
 static void (*selinux_run_init_old) (void);
 static void (*selinux_run_init_new) (int argc, char **argv);
 
+void setup_selinux (int argc, char **argv);
+char ** get_whitelist (char **whitelist, char *filename);
+char ** filter_environ (char *caller);
+
 extern char **environ;
 
-void setup_selinux(int argc, char **argv) {
-	void *lib_handle = NULL;
-	
-	lib_handle = dlopen(SELINUX_LIB, RTLD_NOW | RTLD_GLOBAL);
-	if (NULL != lib_handle) {
-		selinux_run_init_old = dlsym(lib_handle, "selinux_runscript");
-		selinux_run_init_new = dlsym(lib_handle, "selinux_runscript2");
-
-		/* Use new run_init if it exists, else fall back to old */
-		if (NULL != selinux_run_init_new)
-			selinux_run_init_new(argc, argv);
-		else if (NULL != selinux_run_init_old)
-			selinux_run_init_old();
-		else {
-			/* This shouldnt happen... probably corrupt lib */
-			fprintf(stderr, "Run_init is missing from runscript_selinux.so!\n");
-			exit(127);
-		}
+void
+setup_selinux (int argc, char **argv)
+{
+  void *lib_handle = NULL;
+
+  lib_handle = dlopen (SELINUX_LIB, RTLD_NOW | RTLD_GLOBAL);
+  if (NULL != lib_handle)
+    {
+      selinux_run_init_old = dlsym (lib_handle, "selinux_runscript");
+      selinux_run_init_new = dlsym (lib_handle, "selinux_runscript2");
+
+      /* Use new run_init if it exists, else fall back to old */
+      if (NULL != selinux_run_init_new)
+	selinux_run_init_new (argc, argv);
+      else if (NULL != selinux_run_init_old)
+	selinux_run_init_old ();
+      else
+	{
+	  /* This shouldnt happen... probably corrupt lib */
+	  fprintf (stderr, "Run_init is missing from runscript_selinux.so!\n");
+	  exit (127);
 	}
+    }
 }
 
-char **get_whitelist(char **whitelist, char *filename) {
-	char *buf = NULL;
-	char *tmp_buf = NULL;
-	char *tmp_p = NULL;
-	char *token = NULL;
-	size_t lenght = 0;
-	int count = 0;
-	int current = 0;
-			
-	if (-1 == file_map(filename, &buf, &lenght))
-		return NULL;
-
-	while (current < lenght) {
-		count = buf_get_line(buf, lenght, current);
-
-		tmp_buf = strndup(&buf[current], count);
-		if (NULL == tmp_buf) {
-			DBG_MSG("Failed to allocate temporary buffer!\n");
-			goto error;
-		}
-		tmp_p = tmp_buf;
-		
-		/* Strip leading spaces/tabs */
-		while ((tmp_p[0] == ' ') || (tmp_p[0] == '\t'))
-			tmp_p++;
-
-		/* Get entry - we do not want comments, and only the first word
-		 * on a line is valid */
-		token = strsep(&tmp_p, "# \t");
-		if (NULL != token && '\0' != token[0]) {
-			tmp_p = strndup(token, strlen(token));
-			STRING_LIST_ADD(whitelist, tmp_p, error);
-		}
-
-		current += count + 1;
-		free(tmp_buf);
-		/* Set to NULL in case we error out above and have
-		 * to free below */
-		tmp_buf = NULL;
+char **
+get_whitelist (char **whitelist, char *filename)
+{
+  char *buf = NULL;
+  char *tmp_buf = NULL;
+  char *tmp_p = NULL;
+  char *token = NULL;
+  size_t lenght = 0;
+  int count = 0;
+  int current = 0;
+
+  if (-1 == file_map (filename, &buf, &lenght))
+    return NULL;
+
+  while (current < lenght)
+    {
+      count = buf_get_line (buf, lenght, current);
+
+      tmp_buf = xstrndup (&buf[current], count);
+      if (NULL == tmp_buf)
+	goto error;
+
+      tmp_p = tmp_buf;
+
+      /* Strip leading spaces/tabs */
+      while ((tmp_p[0] == ' ') || (tmp_p[0] == '\t'))
+	tmp_p++;
+
+      /* Get entry - we do not want comments, and only the first word
+       * on a line is valid */
+      token = strsep (&tmp_p, "# \t");
+      if (check_str (token))
+	{
+	  tmp_p = xstrndup (token, strlen (token));
+	  if (NULL == tmp_p)
+	    goto error;
+
+	  str_list_add_item (whitelist, tmp_p, error);
 	}
-				
 
-	file_unmap(buf, lenght);
+      current += count + 1;
+      free (tmp_buf);
+      /* Set to NULL in case we error out above and have
+       * to free below */
+      tmp_buf = NULL;
+    }
 
-	return whitelist;
+
+  file_unmap (buf, lenght);
+
+  return whitelist;
 
 error:
-	if (NULL != tmp_buf)
-		free(tmp_buf);
-	file_unmap(buf, lenght);
-	STRING_LIST_FREE(whitelist);
+  if (NULL != tmp_buf)
+    free (tmp_buf);
+  file_unmap (buf, lenght);
+  str_list_free (whitelist);
 
-	return NULL;
+  return NULL;
 }
 
-char **filter_environ(char *caller) {
-	char **myenv = NULL;
-	char **whitelist = NULL;
-	char *env_name = NULL;
-	int check_profile = 1;
-	int count = 0;
-
-	if (NULL != getenv(SOFTLEVEL) && !IS_SBIN_RC())
-		/* Called from /sbin/rc, but not /sbin/rc itself, so current
-		 * environment should be fine */
-		return environ;
-
-	if (1 == is_file(SYS_WHITELIST, 1))
-		whitelist = get_whitelist(whitelist, SYS_WHITELIST);
-	else
-		EWARN("System environment whitelist missing!\n");
-
-	if (1 == is_file(USR_WHITELIST, 1))
-		whitelist = get_whitelist(whitelist, USR_WHITELIST);
-	
-	if (NULL == whitelist)
-		/* If no whitelist is present, revert to old behaviour */
-		return environ;
-		
-	if (1 != is_file(PROFILE_ENV, 1))
-		/* XXX: Maybe warn here? */
-		check_profile = 0;
-	
-	STRING_LIST_FOR_EACH(whitelist, env_name, count) {
-		char *env_var = NULL;
-		char *tmp_p = NULL;
-		int env_len = 0;
-	
-		env_var = getenv(env_name);
-		if (NULL != env_var)
-			goto add_entry;
-
-		if (1 == check_profile) {
-			char *tmp_env_name = NULL;
-			int tmp_len = 0;
-			
-			/* The entries in PROFILE_ENV is of the form:
-			 * export VAR_NAME=value */
-			tmp_len = strlen(env_name) + strlen("export ") + 1;
-			tmp_env_name = calloc(tmp_len, sizeof(char *));
-			if (NULL == tmp_env_name) {
-				DBG_MSG("Failed to allocate temporary buffer!\n");
-				goto error;
-			}
-			snprintf(tmp_env_name, tmp_len, "export %s", env_name);
-			
-			/* Clear errno so that subsequent calls do not trigger
-			 * DBG_MSG */
-			errno = 0;
-			env_var = get_cnf_entry(PROFILE_ENV, tmp_env_name);
-			free(tmp_env_name);
-			if (NULL == env_var && ENOMSG != errno)
-				goto error;
-			else if (NULL != env_var)
-				goto add_entry;
-		}
-
-		continue;
-		
-add_entry:
-		env_len = strlen(env_name) + strlen(env_var) + 2;
-		tmp_p = calloc(env_len, sizeof(char *));
-		if (NULL == tmp_p) {
-			DBG_MSG("Failed to allocate temporary buffer!\n");
-			goto error;
-		}
-		snprintf(tmp_p, env_len, "%s=%s", env_name, env_var);
-		STRING_LIST_ADD(myenv, tmp_p, error);
+char **
+filter_environ (char *caller)
+{
+  char **myenv = NULL;
+  char **whitelist = NULL;
+  char *env_name = NULL;
+  int check_profile = 1;
+  int count = 0;
+
+  if (NULL != getenv (SOFTLEVEL) && !IS_SBIN_RC ())
+    /* Called from /sbin/rc, but not /sbin/rc itself, so current
+     * environment should be fine */
+    return environ;
+
+  if (1 == is_file (SYS_WHITELIST, 1))
+    whitelist = get_whitelist (whitelist, SYS_WHITELIST);
+  else
+    EWARN ("System environment whitelist missing!\n");
+
+  if (1 == is_file (USR_WHITELIST, 1))
+    whitelist = get_whitelist (whitelist, USR_WHITELIST);
+
+  if (NULL == whitelist)
+    /* If no whitelist is present, revert to old behaviour */
+    return environ;
+
+  if (1 != is_file (PROFILE_ENV, 1))
+    /* XXX: Maybe warn here? */
+    check_profile = 0;
+
+  str_list_for_each_item (whitelist, env_name, count)
+    {
+      char *env_var = NULL;
+      char *tmp_p = NULL;
+      int env_len = 0;
+
+      env_var = getenv (env_name);
+      if (NULL != env_var)
+	goto add_entry;
+
+      if (1 == check_profile)
+	{
+	  char *tmp_env_name = NULL;
+	  int tmp_len = 0;
+
+	  /* The entries in PROFILE_ENV is of the form:
+	   * export VAR_NAME=value */
+	  tmp_len = strlen (env_name) + strlen ("export ") + 1;
+	  tmp_env_name = xcalloc (tmp_len, sizeof (char *));
+	  if (NULL == tmp_env_name)
+	    goto error;
+
+	  snprintf (tmp_env_name, tmp_len, "export %s", env_name);
+
+	  env_var = get_cnf_entry (PROFILE_ENV, tmp_env_name);
+	  free (tmp_env_name);
+	  if ((NULL == env_var) && (0 != errno) && (ENOMSG != errno))
+	    goto error;
+	  else if (NULL != env_var)
+	    goto add_entry;
 	}
 
-	STRING_LIST_FREE(whitelist);
+      continue;
+
+add_entry:
+      env_len = strlen (env_name) + strlen (env_var) + 2;
+      tmp_p = xcalloc (env_len, sizeof (char *));
+      if (NULL == tmp_p)
+	goto error;
+
+      snprintf (tmp_p, env_len, "%s=%s", env_name, env_var);
+      str_list_add_item (myenv, tmp_p, error);
+    }
+
+  str_list_free (whitelist);
 
-	if (NULL == myenv)
-		/* If all else fails, just add a default PATH */
-		STRING_LIST_ADD(myenv, strdup(DEFAULT_PATH), error);
-	
-	return myenv;
+  if (NULL == myenv)
+    {
+      char *tmp_str;
+
+      tmp_str = xstrndup (DEFAULT_PATH, strlen (DEFAULT_PATH));
+      if (NULL == tmp_str)
+	goto error;
+
+      /* If all else fails, just add a default PATH */
+      str_list_add_item (myenv, strdup (DEFAULT_PATH), error);
+    }
+
+  return myenv;
 
 error:
-	STRING_LIST_FREE(myenv);
-	STRING_LIST_FREE(whitelist);
-	
-	return NULL;
+  str_list_free (myenv);
+  str_list_free (whitelist);
+
+  return NULL;
 }
 
-int main(int argc, char *argv[]) {
-	char *myargs[32];
-	char **myenv = NULL;
-	char *caller = argv[1];
-	int new = 1;
-	
-	/* Need to be /bin/bash, else BASH is invalid */
-	myargs[0] = "/bin/bash";
-	while (argv[new] != 0) {
-		myargs[new] = argv[new];
-		new++;
-	}
-	myargs[new] = NULL;
+int
+main (int argc, char *argv[])
+{
+  char *myargs[32];
+  char **myenv = NULL;
+  char *caller = argv[1];
+  int new = 1;
 
-	/* Do not do help for /sbin/rc */
-	if (argc < 3 && !IS_SBIN_RC()) {
-		execv(RCSCRIPT_HELP, myargs);
-		exit(1);
-	}
+  /* Need to be /bin/bash, else BASH is invalid */
+  myargs[0] = "/bin/bash";
+  while (argv[new] != 0)
+    {
+      myargs[new] = argv[new];
+      new++;
+    }
+  myargs[new] = NULL;
 
-	/* Setup a filtered environment according to the whitelist */
-	myenv = filter_environ(caller);
-	if (NULL == myenv) {
-		EWARN("%s: Failed to filter the environment!\n", caller);
-		/* XXX: Might think to bail here, but it could mean the system
-		 *      is rendered unbootable, so rather not */
-		myenv = environ;
-	}
+  /* Do not do help for /sbin/rc */
+  if (argc < 3 && !IS_SBIN_RC ())
+    {
+      execv (RCSCRIPT_HELP, myargs);
+      exit (1);
+    }
 
-	/* Ok, we are ready to go, so setup selinux if applicable */
-	setup_selinux(argc, argv);
+  /* Setup a filtered environment according to the whitelist */
+  myenv = filter_environ (caller);
+  if (NULL == myenv)
+    {
+      EWARN ("%s: Failed to filter the environment!\n", caller);
+      /* XXX: Might think to bail here, but it could mean the system
+       *      is rendered unbootable, so rather not */
+      myenv = environ;
+    }
 
-	if (!IS_SBIN_RC()) {
-		if (execve("/sbin/runscript.sh", myargs, myenv) < 0)
-			exit(1);
-	} else {
-		if (execve("/bin/bash", myargs, myenv) < 0)
-			exit(1);
-	}
+  /* Ok, we are ready to go, so setup selinux if applicable */
+  setup_selinux (argc, argv);
+
+  if (!IS_SBIN_RC ())
+    {
+      if (execve ("/sbin/runscript.sh", myargs, myenv) < 0)
+	exit (1);
+    }
+  else
+    {
+      if (execve ("/bin/bash", myargs, myenv) < 0)
+	exit (1);
+    }
 
-	return 0;
+  return 0;
 }