Improve flexibility of limactl shell --preserve-env #4036

@jandubois

I would like to make the following changes to the --preserve-env functionality:

  1. Throw an error when the patterns in LIMA_SHELLENV_ALLOW or LIMA_SHELLENV_BLOCK use any characters outside of [a-zA-Z0-9_].

  2. Allow * wildcards anywhere in a pattern and not just at the end.

  3. Setting LIMA_SHELLENV_BLOCK should no longer be ignored when LIMA_SHELLENV_ALLOW is set. The allow list should just override the block list entries, but additional variables that are not blocked should still be implicitly allowed.

    The current behaviour is still available by setting LIMA_SHELLENV_BLOCK=*, blocking everything not explicitly allowed by LIMA_SHELLENV_ALLOW.

These changes make more comprehensive block lists possible (like *TOKEN* patterns), and reserve additional meta-characters that are not valid in environment variable names anyways. Combined they will also make it possible to implement ideas like #3852 later without breaking backwards compatibility. So I would like to see these changes in the 2.0 release.

Of course (3) is changing functionality right now, but we haven't released --preserve-env in a release yet, and I think the added functionality is really desirable, especially when you want to use more comprehensive block lists.


Optional (can be added after 2.0), but I think worthwhile and easy to implement:

  • Add --allow-env PATTERN and --block-env PATTERN options to limactl shell.

They would (just for this command) append the pattern to the respective lists and automatically enable --preserve-env.

These commands:

limactl shell --allow-env "GITHUB_TOKEN" default gh ...
limactl shell --block-env "PRIVATE*" default ...

would be equivalent to

LIMA_SHELLENV_ALLOW="$LIMA_SHELLENV_ALLOW,GITHUB_TOKEN" limactl shell --preserve-env default gh ...
LIMA_SHELLENV_BLOCK="$LIMA_SHELLENV_BLOCK,PRIVATE*" limactl shell --preserve-env default ...

Except in case LIMA_SHELLENV_BLOCK was empty, it would be adding the pattern to the default list, not the empty list:

LIMA_SHELLENV_BLOCK="+PRIVATE*" limactl shell --preserve-env default ...
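
The semantics proposed in points 1 to 3, as an added Go sketch that is not part of the issue and not Lima's own code. The names `compileList`, `matchAny` and `forward` are hypothetical; it assumes `*` is the only meta-character accepted besides `[a-zA-Z0-9_]`, and it does not model the `+` prefix or the default block list.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: "*" is the only meta-character accepted besides [a-zA-Z0-9_].
var validPattern = regexp.MustCompile(`^[a-zA-Z0-9_*]+$`)

// compileList validates each comma-separated pattern and turns it into an
// anchored regexp; this is safe only because validation runs first.
func compileList(s string) ([]*regexp.Regexp, error) {
	var out []*regexp.Regexp
	for _, p := range strings.Split(s, ",") {
		if p == "" {
			continue
		}
		if !validPattern.MatchString(p) {
			return nil, fmt.Errorf("invalid pattern %q", p)
		}
		out = append(out, regexp.MustCompile("^"+strings.ReplaceAll(p, "*", ".*")+"$"))
	}
	return out, nil
}

func matchAny(res []*regexp.Regexp, name string) bool {
	for _, re := range res {
		if re.MatchString(name) {
			return true
		}
	}
	return false
}

// forward: an allow match overrides block; unmatched names pass through.
func forward(name string, allow, block []*regexp.Regexp) bool {
	return matchAny(allow, name) || !matchAny(block, name)
}

func main() {
	// Constructed sample names; the patterns come from the issue text.
	allow, _ := compileList("GITHUB_TOKEN")
	block, _ := compileList("*TOKEN*,PRIVATE*")
	for _, n := range []string{"GITHUB_TOKEN", "NPM_TOKEN", "PRIVATE_KEY", "EDITOR"} {
		fmt.Println(n, forward(n, allow, block))
	}
}
```

With a block list of `*`, `forward` returns true only for names on the allow list, which is the current behaviour described in point 3.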
