Support nested user chrootenv environments #61740
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Ah darn, unfortunately #62091 introduced a conflict. It seems that that PR isn't needed anymore after this one, but I'm not so sure on that. |
lukateras
reviewed
May 28, 2019
| const gchar *bind_blacklist[] = {"bin", "etc", "host", "usr", "lib", "lib64", "lib32", "sbin", NULL}; | ||
| const gchar *bind_blacklist[] = {"bin", "etc", "host", "real-host", "usr", "lib", "lib64", "lib32", "sbin", NULL}; | ||
|
|
||
| int pivot_root(const char *new_root, const char *put_old) { |
There was a problem hiding this comment.
Weird that glibc doesn't provide a wrapper for this syscall.
lukateras
approved these changes
May 28, 2019
|
Also see #55973, which replaces chrootenv entirely with bubblewrap. |
|
Yup, wanted to review this one later as maybe we should just switch.
re allocations: learnt about `g_autofree` and related GCC attributes while working in this, was pleasantly surprised.
…On May 28, 2019 10:54:20 AM GMT+03:00, Yegor Timoshenko ***@***.***> wrote:
Also see #55973, which replaces
chrootenv entirely with bubblewrap.
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#61740 (comment)
--
Nikolay.
|
|
@infinisil mine is completely unneeded after this, since this PR doesn't do any nftw or ftw calls seemingly, which are buggy in glibc. |
L-as
reviewed
May 30, 2019
abbradar
force-pushed
the
nested-chrootenv
branch
from
b3b5b78
to
6328be9
Compare
The problem with stacking chrootenv before was that CLONE_NEWUSER cannot be used when a child uses chroot. So instead of that we use pivot_root which replaces root in the whole namespace. This requires our new root to be an actual fs so we mount tmpfs.
* Remove unused argument from pivot_root; * Factor out tmpdir creation into a separate function; * Remove unused fstype from bind mount; * Use unlink instead of a treewalk to remove empty temporary directory.
To avoid symlink loops to /host in nested chrootenvs we need to remove one level of indirection. This is also what's generally expected of /host contents.
abbradar
force-pushed
the
nested-chrootenv
branch
from
6328be9
to
06f27dc
Compare
|
Let's merge now; hopefully we can replace all this code with bwrap in the end ;) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
Previously we couldn't run chrootenv-wrapped applications inside a chrootenv, we can now. My primary motivation was Lutris, although this is also helpful for development environments.
Things done
sandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)