1 |
This helps isolate the catalyst builds from the rest of the system |
2 |
and allows us to build as non-root user in more cases. This might |
3 |
not work everywhere, but it's a start (snapshot generation works). |
4 |
--- |
5 |
catalyst/main.py | 9 +++++++++ |
6 |
1 file changed, 9 insertions(+) |
7 |
|
8 |
diff --git a/catalyst/main.py b/catalyst/main.py |
9 |
index 65e1431..f984653 100644 |
10 |
--- a/catalyst/main.py |
11 |
+++ b/catalyst/main.py |
12 |
@@ -10,6 +10,8 @@ import argparse |
13 |
import os |
14 |
import sys |
15 |
|
16 |
+from snakeoil.process import namespaces |
17 |
+ |
18 |
__selfpath__ = os.path.abspath(os.path.dirname(__file__)) |
19 |
|
20 |
from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS, |
21 |
@@ -336,6 +338,13 @@ def main(): |
22 |
if "target" not in addlargs: |
23 |
raise CatalystError("Required value \"target\" not specified.") |
24 |
|
25 |
+ # Start off by creating unique namespaces to run in. |
26 |
+ namespaces.simple_unshare( |
27 |
+ mount=True, uts=True, ipc=True, pid=True, net=False, user=True, |
28 |
+ hostname='catalyst') |
29 |
+ |
30 |
+ # We should be root now, either a real root, or in a userns as root. |
31 |
+ # If we aren't, then we've failed, and need to abort. |
32 |
if os.getuid() != 0: |
33 |
# catalyst cannot be run as a normal user due to chroots, mounts, etc |
34 |
print "!!! catalyst: This script requires root privileges to operate" |
35 |
-- |
36 |
2.5.2 |