| 1 |
On Sat, 11 Mar 2017 14:22:38 -0800 |
| 2 |
Mike Frysinger <vapier@g.o> wrote: |
| 3 |
|
| 4 |
> This helps isolate the catalyst builds from the rest of the system |
| 5 |
> and allows us to build as non-root user in more cases. |
| 6 |
> |
| 7 |
> We don't support pid or user namespaces yet. |
| 8 |
> --- |
| 9 |
> catalyst/main.py | 9 +++++++++ |
| 10 |
> 1 file changed, 9 insertions(+) |
| 11 |
> |
| 12 |
> diff --git a/catalyst/main.py b/catalyst/main.py |
| 13 |
> index 51d2b04ab035..b8ae662dc76d 100644 |
| 14 |
> --- a/catalyst/main.py |
| 15 |
> +++ b/catalyst/main.py |
| 16 |
> @@ -12,6 +12,7 @@ import os |
| 17 |
> import sys |
| 18 |
> |
| 19 |
> from snakeoil import process |
| 20 |
> +from snakeoil.process import namespaces |
| 21 |
> |
| 22 |
> from DeComp.definitions import (COMPRESS_DEFINITIONS, |
| 23 |
> DECOMPRESS_DEFINITIONS, CONTENTS_DEFINITIONS) |
| 24 |
> @@ -421,6 +422,14 @@ def _main(parser, opts): |
| 25 |
> # catalyst cannot be run as a normal user due to |
| 26 |
> chroots, mounts, etc log.critical('This script requires root |
| 27 |
> privileges to operate') |
| 28 |
> + # Start off by creating unique namespaces to run in. Would |
| 29 |
> be nice to |
| 30 |
> + # use pid & user namespaces, but snakeoil's namespace module |
| 31 |
> has signal |
| 32 |
> + # transfer issues (CTRL+C doesn't propagate), and user |
| 33 |
> namespaces need |
| 34 |
> + # more work due to Gentoo build process (uses |
| 35 |
> sudo/root/portage). |
| 36 |
> + namespaces.simple_unshare( |
| 37 |
> + mount=True, uts=True, ipc=True, pid=False, |
| 38 |
> net=False, user=False, |
| 39 |
> + hostname='catalyst') |
| 40 |
> + |
| 41 |
> # everything is setup, so the build is a go |
| 42 |
> try: |
| 43 |
> success = build_target(addlargs) |
| 44 |
|
| 45 |
Thanks, looks good. I'll nuke that other commit in the pending branch |
| 46 |
|
| 47 |
-- |
| 48 |
Brian Dolbec <dolsen> |
Archives