Fixed a few issues thanks to Valgrind, cleaned up.

@abbradar By the way, why do we bind-mount only certain dirs in /? We could just bind-mount every dir, which would also make /host unnecessary...

I've fixed /proc/self/{g,u}id_map writes, Steam works. No leaks, correct exit code handling:

$ valgrind ./chrootenv false
==2317== Memcheck, a memory error detector
==2317== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2317== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==2317== Command: ./chrootenv false
==2317== 
==2317== 
==2317== HEAP SUMMARY:
==2317==     in use at exit: 0 bytes in 0 blocks
==2317==   total heap usage: 11 allocs, 11 frees, 332,256 bytes allocated
==2317== 
==2317== All heap blocks were freed -- no leaks are possible
==2317== 
==2317== For counts of detected and suppressed errors, rerun with: -v
==2317== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
$ echo $?
1

And on dropping CHROOTENV_EXTRA_BINDS: I'm normally against breaking reverse compatibility, but considering this is a rewrite, the scope of packages that use buildFHSUserEnv is very small (currently 5 in tree), it is deprecated in favor of /host and would take around 40 lines of code to implement...

I'm pretty sure we don't break anything by doing that. And @bjornfor who requested that feature initially seems to be OK with it, see #16030 (comment).

@abbradar On #16030 (comment):

I would really like to see experimental branch that uses /etc/ld-nix.so.cache to find libraries. This would fix #21109, RPG Maker MV on Steam, and probably quite a few other games too: it is common for games to have a start script that overrides LD_LIBRARY_PATH. Nagging game developers to fix the problem usually doesn't help.

First of all, thank you for this rewrite! I have been delaying this for too much time ;)

We can indeed just bind-mount everything to /, good idea. Actually I planned to do something similar (link everything from /host) and also blacklist instead of whitelisting environment variables. This way we would be even closer to the surrounding environment (given that our aim is not isolation but providing FHS-compliant packages installed).

About CHROOTENV_EXTRA_BINDS -- if we move to this direction it could be OK to drop it but I'm not sure if there are not any clever usages of that in the wild (given that one can add arbitrary bind-mounts). Let's see what @bjornfor has to say on that.

On /etc/ld-nix.so.cache -- this won't actually help because one still needs LD_LIBRARY_PATH for things like /run/opengl-driver. I tried to add NIX_LD_LIBRARY_PATH some time ago but ld.so's codebase is awful and I lost my motivation along the way. I have even mentioned problems with LD_LIBRARY_PATH during NixCon but not sure how to tackle that yet.

@abbradar I can implement a blacklist (probably *envp[] filtered with strncmp, don't know a better approach, also don't know which environment variables should be in that list) and bind-mounting every dir in / (if /host/host exists, it probably should take precedence?).

I'd prefer this PR to be mostly a feature parity rewrite, once done I'll open a new one :-)

On /etc/ld-nix.so.cache -- this won't actually help because one still needs LD_LIBRARY_PATH for things like /run/opengl-driver. I tried to add NIX_LD_LIBRARY_PATH some time ago but ld.so's codebase is awful and I lost my motivation along the way. I have even mentioned problems with LD_LIBRARY_PATH during NixCon but not sure how to tackle that yet.

I see... I'll look into the linker. This fragment of emultempl/elf32.em looks promising:

if [ "x${NATIVE}" = xyes ] ; then
fragment <<EOF
	  if (command_line.rpath_link == NULL
	      && command_line.rpath == NULL)
	    {
	      lib_path = (const char *) getenv ("LD_RUN_PATH");
	      if (gld${EMULATION_NAME}_search_needed (lib_path, &n,
						      force))
		break;
	    }
	  lib_path = (const char *) getenv ("LD_LIBRARY_PATH");
	  if (gld${EMULATION_NAME}_search_needed (lib_path, &n, force))
	    break;
EOF
fi

Let's proceed with feature parity first then and change semantics later, sounds good to me.

I can't look at the source right now but in my memory it was completely different -- something like using a global static buffer to read and then work with LD_LIBRATY_PATH, so it couldn't be called two times with two different variables without substantial rewrite or hacks. It would be very good if I was mistaken!

Let's see what @bjornfor has to say on that.

As per my comment in #16030 (comment) (thanks for the reminder!), I'm OK with removing CHROOTENV_EXTRA_BINDS.

@abbradar I've got it mixed up, the patch above is for binutils ld, not glibc ld.so. However, good news! I have hacked in NIX_LD_LIBRARY_PATH support for ld.so, check it out: #31263

Sorry, I've gotten ill so I won't be able to proceed with this and other PRs for a couple of days more at least (just a heads up).

Get well! <(￣︶￣)>

I'll clean this up in the meantime.

Is this ready?

afaik only the error message is missing.

Thank you a lot, @Mic92! This should now be ready to merge. No fancy /proc/sys/kernel/unprivileged_ns_clone handling, but it might be added later.

BTW (hijacking this thread a little), the steam sandbox blocks network for me. Even the old chroot binaries that used to work won't work anymore (and this PR doesn't fix it). I suspect it's triggered by newer kernel (4.14 ATM but was broken with 4.13 as well), but I haven't confirmed that yet. When I run all the sandbox except for steam command, I get

$ ping nixos.org   
ping: socket: Operation not permitted