chrootenv: rewrite on top of GLib #33139
Conversation
lukateras
force-pushed
the
20171228.053707/chrootenv
branch
from
9307ec2
to
be611fd
Compare
|
I feel confident about new code and will merge on 31st if no one has any issues with it. I should note that none of the changes to chrootenv are breaking |
|
|
||
| else if (WIFSIGNALED(status)) | ||
| kill(getpid(), WTERMSIG(status)); | ||
| } |
There was a problem hiding this comment.
It is not obvious that the equivalent of return EX_OSERR; of the old version is unneeded in the new version: the signal that terminated the child process may be ignored by default and not terminate chrootenv.
There was a problem hiding this comment.
If signal is ignored, chrootenv will return 0. This seems to be logical behavior.
There was a problem hiding this comment.
If the child overrode the default of ignoring a signal and died on receiving it, it did not exit cleanly and chrootenv should not return 0.
There was a problem hiding this comment.
You are right, it's better to return 1 in this case. I've added it, see ac40a57.
lukateras
force-pushed
the
20171228.053707/chrootenv
branch
3 times, most recently
from
a0d1430
to
430476a
Compare
|
What do you think about documenting what this code is for and how it (roughly) works. I think each piece of code should explain why it is needed. So, what problem does this code solve? Looking at the older version, there were some comments that helps the reader understand what is happening. |
|
There are only two comments that still apply, specifically "Create new mount and user namespaces" and "Map users and groups to the parent namespace". I don't think these are particularly useful to keep around, because people who know about mount and user namespaces probably know about
Setting up a chroot to ultimately run programs that assume a FHS-compliant environment. |
That at the very least should be included in the code header. |
|
I'll add something like it to |
|
According to docs it seems This seems inappropriate for at least the error path that prints messages to the user about running Maybe make a pass with this in mind, or instead adjust the g_perr macro to just log and exit instead? |
|
|
|
Not to bikeshed but I can't help but wonder how much of benefit glib brings here compared to C++ or something (g_autofree patterns, etc.)? Regardless I'd appreciate, if for my curiosity if nothing else, a mention of the role glib plays in obtaining the improvements in this PR or to what extent they're orthogonal? |
|
I think C++ is a bad language because it's very complex.
|
|
Okay, thanks for the comments and consideration of abort. LGTM review-wise. |
|
Thanks for reviewing it! |
| #include <unistd.h> | ||
|
|
||
| #define g_perr(s, err) g_error("%s#L%d: %s: %s", __func__, __LINE__, s, g_strerror(err)) | ||
| #define g_perrno(s) g_perr(s, errno) |
There was a problem hiding this comment.
g_ is a glib namespace, you should not define names starting with g_.
There was a problem hiding this comment.
Sure, and names themselves are misleading (perror doesn't abort). I've pushed a new version with fail and fail_if macros: I think that separates concerns much better than previously used error macros, and names are much more straightforward. fail_if also cuts some boilerplate.
lukateras
force-pushed
the
20171228.053707/chrootenv
branch
2 times, most recently
from
a1182bd
to
37da1a8
Compare
Changes:
* doesn't handle root user separately
* doesn't chdir("/") which makes using it seamless
* only bind mounts, doesn't symlink (i.e. files)
Incidentally, fixes NixOS#33106.
It's about two times shorter than the previous version, and much
easier to read/follow through. It uses GLib quite heavily, along with
RAII (available in GCC/Clang).
lukateras
force-pushed
the
20171228.053707/chrootenv
branch
from
37da1a8
to
4b1cf5a
Compare
|
@Mic92: Thanks for mentioning |
|
@orivej: Thanks for the review! I still want to implement a different order of messages in case of failed |
Changes:
chdir("/")which makes using it seamlessIncidentally, it fixes #33106.
It's about two times shorter than the previous version (it's even shorter than the Ruby version), and much, much easier to read/follow through. It uses GLib quite heavily, along with RAII (available in GCC/Clang).
Symlinking already happens in init script, so it's redundant to have it in this code. It has only been in chrootenv for a week, and I might reintroduce it back later.
About closure size: Steam itself uses GLib, so it won't result in a larger closure for most chrootenv users. It's also likely to be required by other programs. I've tested Steam, and of course, it still works.
/cc @Mic92 @dezgeg @srhb @pbogdan