Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-catalyst

From: Brian Dolbec <dolsen@g.o>
To: gentoo-catalyst@l.g.o
Subject: Re: [gentoo-catalyst] [PATCH 2/2] catalyst: create namespaces for building
Date: Tue, 10 Nov 2015 06:56:09
Message-Id: 20151109225514.5152edf2.dolsen@gentoo.org
In Reply to: Re: [gentoo-catalyst] [PATCH 2/2] catalyst: create namespaces for building by Mike Frysinger
1 On Tue, 10 Nov 2015 01:49:07 -0500
2 Mike Frysinger <vapier@g.o> wrote:
3
4 > On 09 Nov 2015 22:45, Brian Dolbec wrote:
5 > > On Tue, 6 Oct 2015 16:32:53 -0400 Mike Frysinger wrote:
6 > > > This helps isolate the catalyst builds from the rest of the system
7 > > > and allows us to build as non-root user in more cases. This might
8 > > > not work everywhere, but it's a start (snapshot generation works).
9 > > > ---
10 > > > catalyst/main.py | 9 +++++++++
11 > > > 1 file changed, 9 insertions(+)
12 > > >
13 > > > diff --git a/catalyst/main.py b/catalyst/main.py
14 > > > index 65e1431..f984653 100644
15 > > > --- a/catalyst/main.py
16 > > > +++ b/catalyst/main.py
17 > > > @@ -10,6 +10,8 @@ import argparse
18 > > > import os
19 > > > import sys
20 > > >
21 > > > +from snakeoil.process import namespaces
22 > > > +
23 > > > __selfpath__ = os.path.abspath(os.path.dirname(__file__))
24 > > >
25 > > > from DeComp.definitions import (COMPRESS_DEFINITIONS,
26 > > > DECOMPRESS_DEFINITIONS, @@ -336,6 +338,13 @@ def main():
27 > > > if "target" not in addlargs:
28 > > > raise CatalystError("Required value \"target\"
29 > > > not specified.")
30 > > > + # Start off by creating unique namespaces to run in.
31 > > > + namespaces.simple_unshare(
32 > > > + mount=True, uts=True, ipc=True, pid=True,
33 > > > net=False, user=True,
34 > > > + hostname='catalyst')
35 > > > +
36 > > > + # We should be root now, either a real root, or in a
37 > > > userns as root.
38 > > > + # If we aren't, then we've failed, and need to abort.
39 > > > if os.getuid() != 0:
40 > > > # catalyst cannot be run as a normal user due to
41 > > > chroots, mounts, etc print "!!! catalyst: This script requires
42 > > > root privileges to operate"
43 > >
44 > > I was hoping to get a release out before merging much more, but, I
45 > > doubt this will affect stability.
46 >
47 > it does ;). i haven't fully debugged it yet, but i think the use of
48 > pid namespaces messes up signal handling. i'll follow up when i'm
49 > happy with its state.
50 > -mike
51
52 sounds good :) Thanks
53
54 --
55 Brian Dolbec <dolsen>
Report Message
Find on MARC Find on Google Groups