Support nested user chrootenv environments #61740
Ah darn, unfortunately #62091 introduced a conflict. It seems that that PR isn't needed anymore after this one, but I'm not so sure on that.
const gchar *bind_blacklist[] = {"bin", "etc", "host", "usr", "lib", "lib64", "lib32", "sbin", NULL}; | ||
const gchar *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", NULL}; | ||
|
||
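Review bot: the new "real-host" entry in bind_blacklist needs a comment at the declaration explaining why it is reserved; a reader of this array cannot tell that "host" and "real-host" exist for the nested layout rather than being ordinary host directories that happen to be skipped. A one-line comment above `const gchar *bind_blacklist[] = {...}` naming both entries and the nesting reason would do.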
int pivot_root(const char *new_root, const char *put_old) { |
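Review bot: pivot_root is defined with external linkage here; since it exists only because glibc ships no wrapper for the syscall, declare it `static int pivot_root(const char *new_root, const char *put_old)` so the symbol stays local to this file and cannot clash with a libc wrapper of the same name should one appear later.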
Weird that glibc doesn't provide a wrapper for this syscall.
LGTM! This is a huge improvement over the current design, both on cleanup (tmpfs) and nesting fronts. I don't see any memory allocation issues.
Also see #55973, which replaces chrootenv entirely with bubblewrap.
Yup, wanted to review this one later as maybe we should just switch.
re allocations: learnt about `g_autofree` and related GCC attributes while working on this, was pleasantly surprised.

> On May 28, 2019 10:54:20 AM GMT+03:00, Yegor Timoshenko wrote:
> Also see #55973, which replaces chrootenv entirely with bubblewrap.
--
Nikolay.
@infinisil mine is completely unneeded after this, since this PR doesn't do any nftw or ftw calls seemingly, which are buggy in glibc.
Force-pushed from b3b5b78 to 6328be9.
The problem with stacking chrootenv before was that CLONE_NEWUSER cannot be used when a child uses chroot. So instead of that we use pivot_root which replaces root in the whole namespace. This requires our new root to be an actual fs so we mount tmpfs.
* Remove unused argument from pivot_root;
* Factor out tmpdir creation into a separate function;
* Remove unused fstype from bind mount;
* Use unlink instead of a treewalk to remove empty temporary directory.
To avoid symlink loops to /host in nested chrootenvs we need to remove one level of indirection. This is also what's generally expected of /host contents.
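The pivot_root-based layout the commit messages describe, as an added example that is not the PR's code: it unshares user and mount namespaces, writes the id maps, backs the new root with a tmpfs and swaps roots with the raw pivot_root syscall (glibc has no wrapper), leaving the old root at /host. The bind_blacklist is a constructed copy in the diff's shape; write_file and enter_nested_root are assumed helper names, not the PR's functions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* glibc ships no wrapper for pivot_root(2); issue the raw syscall. */
static int pivot_root(const char *new_root, const char *put_old) {
    return (int)syscall(SYS_pivot_root, new_root, put_old);
}

/* Host root entries never bound into the new root; "host"/"real-host" are reserved. */
static const char *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr",
                                       "lib", "lib64", "lib32", "sbin", NULL};
int is_bind_blacklisted(const char *name) {
    for (const char **p = bind_blacklist; *p != NULL; p++)
        if (strcmp(*p, name) == 0) return 1;
    return 0;
}

/* Write one line to a /proc/self/*_map style file; returns 0 or -1 with errno set. */
static int write_file(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int ok = fputs(text, f) >= 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}
/* Enter fresh user+mount namespaces, map the caller to itself, back new_root with a
   tmpfs and swap roots so the old root lands at /host. chroot() is avoided on purpose:
   a chroot'ed process cannot later use CLONE_NEWUSER. Returns 0 or -errno. */
int enter_nested_root(const char *new_root) {
    char buf[64], put_old[4096];
    uid_t uid = getuid(); gid_t gid = getgid();
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0) return -errno;
    snprintf(buf, sizeof buf, "%u %u 1", uid, uid);
    if (write_file("/proc/self/uid_map", buf) < 0) return -errno;
    if (write_file("/proc/self/setgroups", "deny") < 0) return -errno;
    snprintf(buf, sizeof buf, "%u %u 1", gid, gid);
    if (write_file("/proc/self/gid_map", buf) < 0) return -errno;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) return -errno; /* no propagation */
    if (mount("tmpfs", new_root, "tmpfs", 0, NULL) < 0) return -errno;
    snprintf(put_old, sizeof put_old, "%s/host", new_root);
    if (mkdir(put_old, 0755) < 0 && errno != EEXIST) return -errno;
    if (pivot_root(new_root, put_old) < 0) return -errno;
    return chdir("/") < 0 ? -errno : 0;
}
```

enter_nested_root needs unprivileged user namespaces enabled on the host; only the blacklist check is exercised without them.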
Force-pushed from 6328be9 to 06f27dc.
Let's merge now; hopefully we can replace all this code with bwrap in the end ;)
Motivation for this change
Previously we couldn't run chrootenv-wrapped applications inside a chrootenv; now we can. My primary motivation was Lutris, although this is also helpful for development environments.
Things done
* Tested using sandboxing (`sandbox` in `nix.conf` on non-NixOS)
* Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
* Tested execution of all binary files (usually in `./result/bin/`)
* Determined the impact on package closure size (by running `nix path-info -S` before and after)