| 1 |
commit: 04b56eaab3ad5d9e78ed8e173bbcb680d958041e |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Jan 16 01:13:59 2018 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jan 16 01:13:59 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=04b56eaa |
| 7 |
|
| 8 |
catalyst-auto: move container logic into a func too |
| 9 |
|
| 10 |
This lets us put it after command line parsing. |
| 11 |
|
| 12 |
tools/catalyst-auto | 38 +++++++++++++++++++++++--------------- |
| 13 |
1 file changed, 23 insertions(+), 15 deletions(-) |
| 14 |
|
| 15 |
diff --git a/tools/catalyst-auto b/tools/catalyst-auto |
| 16 |
index cf5a7c65..c06a42bf 100755 |
| 17 |
--- a/tools/catalyst-auto |
| 18 |
+++ b/tools/catalyst-auto |
| 19 |
@@ -2,21 +2,6 @@ |
| 20 |
# Copyright 1999-2014 Gentoo Foundation |
| 21 |
# Distributed under the terms of the GNU General Public License v2 |
| 22 |
|
| 23 |
-# First let's get our own namespaces to avoid leaking crap. |
| 24 |
-if [[ -z ${UNSHARE} ]] ; then |
| 25 |
- if type -P unshare >&/dev/null ; then |
| 26 |
- uargs=() |
| 27 |
- # Probe the namespaces as some can be disabled (or we are not root). |
| 28 |
- unshare -m -- true >&/dev/null && uargs+=( -m ) |
| 29 |
- unshare -u -- true >&/dev/null && uargs+=( -u ) |
| 30 |
- unshare -i -- true >&/dev/null && uargs+=( -i ) |
| 31 |
- unshare -p -- true >&/dev/null && uargs+=( -p -f --mount-proc ) |
| 32 |
- # Re-exec ourselves in the new namespace. |
| 33 |
- UNSHARE=true exec unshare "${uargs[@]}" -- "$0" "$@" |
| 34 |
- fi |
| 35 |
-fi |
| 36 |
-unset UNSHARE |
| 37 |
- |
| 38 |
CATALYST_CONFIG=/etc/catalyst/catalyst.conf |
| 39 |
|
| 40 |
# Probe the default source dir from this script name. |
| 41 |
@@ -179,6 +164,26 @@ parse_args() { |
| 42 |
done |
| 43 |
} |
| 44 |
|
| 45 |
+# Let's get our own namespaces/etc... to avoid leaking crap. |
| 46 |
+containerize() { |
| 47 |
+ # If we've already relaunched, nothing to do. |
| 48 |
+ if [[ ${UNSHARE} == "true" ]] ; then |
| 49 |
+ return |
| 50 |
+ fi |
| 51 |
+ |
| 52 |
+ # Most systems have unshare available, but just in case. |
| 53 |
+ if type -P unshare >&/dev/null ; then |
| 54 |
+ local uargs=() |
| 55 |
+ # Probe the namespaces as some can be disabled (or we are not root). |
| 56 |
+ unshare -m -- true >&/dev/null && uargs+=( -m ) |
| 57 |
+ unshare -u -- true >&/dev/null && uargs+=( -u ) |
| 58 |
+ unshare -i -- true >&/dev/null && uargs+=( -i ) |
| 59 |
+ unshare -p -- true >&/dev/null && uargs+=( -p -f --mount-proc ) |
| 60 |
+ # Re-exec ourselves in the new namespace. |
| 61 |
+ UNSHARE=true exec unshare "${uargs[@]}" -- "$0" "$@" |
| 62 |
+ fi |
| 63 |
+} |
| 64 |
+ |
| 65 |
run_catalyst_commands() { |
| 66 |
doneconfig=0 |
| 67 |
for config_file in "${config_files[@]}"; do |
| 68 |
@@ -388,6 +393,9 @@ main() { |
| 69 |
# Parse user arguments before we try doing container logic. |
| 70 |
parse_args "$@" |
| 71 |
|
| 72 |
+ # Try to isolate ourselves from the rest of the system. |
| 73 |
+ containerize "$@" |
| 74 |
+ |
| 75 |
( |
| 76 |
if [[ -n ${lock_file} ]]; then |
| 77 |
if ! flock -n 9; then |
Archives