I am wondering if it actually could make sense to always run Singularity with --cleanenv, in order to improve isolation by default, and prevent subtle bugs.
If some environment variables are actually needed at runtime, they should explicitly be listed in the config.
NOTE: Something to check first: Is it possible to use the variables config to simply pass on existing environment variables?
Extracted from #68
I am wondering if it actually could make sense to always run Singularity with
--cleanenv, in order to improve isolation by default, and prevent subtle bugs.If some environment variables are actually needed at runtime, they should explicitly be listed in the config. NOTE: Something to check first: Is it possible to use the
variablesconfig to simply pass on existing environment variables?