[PATCH] catalyst: create namespaces for building

[PATCH] catalyst: create namespaces for building

Mike Frysinger
This helps isolate the catalyst builds from the rest of the system
and allows us to build as non-root user in more cases.

We don't support pid or user namespaces yet.
---
 catalyst/main.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/catalyst/main.py b/catalyst/main.py
index 51d2b04ab035..b8ae662dc76d 100644
--- a/catalyst/main.py
+++ b/catalyst/main.py
@@ -12,6 +12,7 @@ import os
 import sys
 
 from snakeoil import process
+from snakeoil.process import namespaces
 
 from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS,
  CONTENTS_DEFINITIONS)
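
Review bot: The new module-level import of snakeoil.process.namespaces is unconditional, so catalyst will fail at startup on any snakeoil that does not provide that module, and the diffstat shows only catalyst/main.py changing. If the project records a minimum snakeoil version elsewhere, raise it in the same commit so the requirement travels with the code that needs it.
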
@@ -421,6 +422,14 @@ def _main(parser, opts):
  # catalyst cannot be run as a normal user due to chroots, mounts, etc
  log.critical('This script requires root privileges to operate')
 
+ # Start off by creating unique namespaces to run in.  Would be nice to
+ # use pid & user namespaces, but snakeoil's namespace module has signal
+ # transfer issues (CTRL+C doesn't propagate), and user namespaces need
+ # more work due to Gentoo build process (uses sudo/root/portage).
+ namespaces.simple_unshare(
+ mount=True, uts=True, ipc=True, pid=False, net=False, user=False,
+ hostname='catalyst')
+
  # everything is setup, so the build is a go
  try:
  success = build_target(addlargs)
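
Review bot: The commit message says this allows building as a non-root user in more cases, but the context lines directly above the new call still carry the comment "catalyst cannot be run as a normal user" and the critical log about requiring root privileges, and the call passes user=False, so nothing in this hunk relaxes the root requirement. Consider rewording the commit message to claim only the isolation benefit, or stating what follow-up is expected to lift the root check. Separately, the new comment explains why pid and user stay off but says nothing about net=False; add a line on why the build keeps the host network namespace so the choice reads as deliberate.
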
--
2.12.0


Re: [PATCH] catalyst: create namespaces for building

Brian Dolbec-3
On Sat, 11 Mar 2017 14:22:38 -0800
Mike Frysinger <[hidden email]> wrote:

> This helps isolate the catalyst builds from the rest of the system
> and allows us to build as non-root user in more cases.
>
> We don't support pid or user namespaces yet.
> ---
>  catalyst/main.py | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/catalyst/main.py b/catalyst/main.py
> index 51d2b04ab035..b8ae662dc76d 100644
> --- a/catalyst/main.py
> +++ b/catalyst/main.py
> @@ -12,6 +12,7 @@ import os
>  import sys
>  
>  from snakeoil import process
> +from snakeoil.process import namespaces
>  
>  from DeComp.definitions import (COMPRESS_DEFINITIONS,
> DECOMPRESS_DEFINITIONS, CONTENTS_DEFINITIONS)
> @@ -421,6 +422,14 @@ def _main(parser, opts):
>   # catalyst cannot be run as a normal user due to
> chroots, mounts, etc log.critical('This script requires root
> privileges to operate')
> + # Start off by creating unique namespaces to run in.  Would
> be nice to
> + # use pid & user namespaces, but snakeoil's namespace module
> has signal
> + # transfer issues (CTRL+C doesn't propagate), and user
> namespaces need
> + # more work due to Gentoo build process (uses
> sudo/root/portage).
> + namespaces.simple_unshare(
> + mount=True, uts=True, ipc=True, pid=False,
> net=False, user=False,
> + hostname='catalyst')
> +
>   # everything is setup, so the build is a go
>   try:
>   success = build_target(addlargs)

Thanks, looks good.  I'll nuke that other commit in the pending branch

--
Brian Dolbec <dolsen>