jai.git

index bcbfc2d..08f7e0f 100644
--- a/default_conf.cc
+++ b/default_conf.cc
@@ -131,14 +131,9 @@ unsetenv SLACK_WEBHOOK_URL
 
 # The following environment variables get set in sandboxes.  You can
 # substitute existing environment variables (before any
-# unsetenv/setenv have been applied) by including them in ${...}.  Two
-# additional environment variables will be set that you can reference:
-#
-#  ${JAI_NAME} - the name of the sandbox
-#  ${JAI_USER} - the outside user invoking the sandbox
-#
-# (Note JAI_MODE is set in the sandbox's enfironment but not available
-# during configuration, since it can change during configuration.)
+# unsetenv/setenv have been applied) by including them in ${...}.  You
+# can reference ${JAI_USER} here, which gets set before configuration,
+# but not ${JAI_NAME} or ${JAI_MODE}, which are set after.
 
 setenv USER=${JAI_USER}
 setenv LOGNAME=${JAI_USER}

index f2f2c4e..c4b72f0 100644
--- a/jai.cc
+++ b/jai.cc
@@ -101,12 +101,11 @@ Config::init_credentials()
   shell_ = pw->pw_shell;
   untrusted_cred_ = user_cred_ = Credentials::get_user(pw);
 
-  setenv("JAI_NAME", sandbox_name_.c_str(), 1);
   setenv("JAI_USER", user_.c_str(), 1);
-
   // HOME may incorrectly be root's when using su/sudo
   if (realuid == 0 && pw->pw_uid != 0)
-    setenv_.emplace("HOME", std::format("HOME={}", pw->pw_dir));
+    setenv("HOME", pw->pw_dir, 1);
+  ;
 
   if (PwEnt u = PwEnt::get_nam(kUntrustedUser)) {
     if (u->pw_uid && !strcmp(u->pw_gecos, kUntrustedGecos) &&
@@ -812,6 +811,7 @@ try {
     argv = const_cast<char **>(bashcmd.data());
   }
 
+  setenv("JAI_NAME", sandbox_name_.c_str(), 1);
   setenv("JAI_MODE",
          mode_ == kStrict ? "strict"
          : mode_ == kBare ? "bare"