This helps isolate the catalyst builds from the rest of the system |
and allows us to build as a non-root user in more cases. |
|
We don't support pid or user namespaces yet. |
--- |
catalyst/main.py | 9 +++++++++ |
1 file changed, 9 insertions(+) |
|
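diff --git a/catalyst/main.py b/catalyst/main.py
index 51d2b04ab035..b8ae662dc76d 100644
--- a/catalyst/main.py
+++ b/catalyst/main.py
@@ -12,6 +12,7 @@ import os
 import sys
 
 from snakeoil import process
+from snakeoil.process import namespaces
 
 from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS,
 CONTENTS_DEFINITIONS)
@@ -421,6 +422,14 @@ def _main(parser, opts):
 # catalyst cannot be run as a normal user due to chroots, mounts, etc
 log.critical('This script requires root privileges to operate')
 
+ # Start off by creating unique namespaces to run in. Would be nice to
+ # use pid & user namespaces, but snakeoil's namespace module has signal
+ # transfer issues (CTRL+C doesn't propagate), and user namespaces need
+ # more work due to Gentoo build process (uses sudo/root/portage).
+ namespaces.simple_unshare(
+ mount=True, uts=True, ipc=True, pid=False, net=False, user=False,
+ hostname='catalyst')
+
 # everything is setup, so the build is a go
 try:
 success = build_target(addlargs)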
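Review bot: The comment above `namespaces.simple_unshare(...)` in `_main` explains why `pid=False` and `user=False` but says nothing about `net=False`, so a reader cannot tell whether leaving the build in the host network namespace is deliberate. With these arguments only the mount, UTS and IPC namespaces are unshared, so build steps still see host processes and the host network; that is worth stating so the call is not mistaken for a full sandbox. I would add a line such as `# net stays shared with the host: TODO state why (and whether it can be unshared later)`. The call also sits before the `try:` that wraps `build_target`, so any exception it raises would presumably bypass the build's error handling; a short comment on the intended behaviour when unsharing fails would help. `_main` begins and ends outside this hunk, so the surrounding root check is only partly visible.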
-- |
2.12.0 |