* [gentoo-catalyst] [PATCH] catalyst: create namespaces for building
@ 2017-03-11 22:22 Mike Frysinger
2017-03-14 20:14 ` Brian Dolbec
0 siblings, 1 reply; 2+ messages in thread
From: Mike Frysinger @ 2017-03-11 22:22 UTC
To: gentoo-catalyst
This helps isolate the catalyst builds from the rest of the system
and allows us to build as non-root user in more cases.
We don't support pid or user namespaces yet.
---
catalyst/main.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/catalyst/main.py b/catalyst/main.py
index 51d2b04ab035..b8ae662dc76d 100644
--- a/catalyst/main.py
+++ b/catalyst/main.py
@@ -12,6 +12,7 @@ import os
import sys
from snakeoil import process
+from snakeoil.process import namespaces
from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS,
CONTENTS_DEFINITIONS)
@@ -421,6 +422,14 @@ def _main(parser, opts):
# catalyst cannot be run as a normal user due to chroots, mounts, etc
log.critical('This script requires root privileges to operate')
+ # Start off by creating unique namespaces to run in. Would be nice to
+ # use pid & user namespaces, but snakeoil's namespace module has signal
+ # transfer issues (CTRL+C doesn't propagate), and user namespaces need
+ # more work due to Gentoo build process (uses sudo/root/portage).
+ namespaces.simple_unshare(
+ mount=True, uts=True, ipc=True, pid=False, net=False, user=False,
+ hostname='catalyst')
+
# everything is setup, so the build is a go
try:
success = build_target(addlargs)
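Review bot: the commit message says this allows building as a non-root user in more cases, but in this hunk the simple_unshare() call sits right after the 'This script requires root privileges to operate' check and passes user=False. Without a user namespace, creating mount, UTS and IPC namespaces requires CAP_SYS_ADMIN, so as written the call only succeeds for a privileged caller. Either drop the non-root claim from the commit message or state in the code comment that it depends on the user-namespace work that is still outstanding.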
--
2.12.0
* Re: [gentoo-catalyst] [PATCH] catalyst: create namespaces for building
2017-03-11 22:22 [gentoo-catalyst] [PATCH] catalyst: create namespaces for building Mike Frysinger
@ 2017-03-14 20:14 ` Brian Dolbec
0 siblings, 0 replies; 2+ messages in thread
From: Brian Dolbec @ 2017-03-14 20:14 UTC
To: gentoo-catalyst
On Sat, 11 Mar 2017 14:22:38 -0800
Mike Frysinger <vapier@gentoo.org> wrote:
> This helps isolate the catalyst builds from the rest of the system
> and allows us to build as non-root user in more cases.
>
> We don't support pid or user namespaces yet.
> ---
> catalyst/main.py | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/catalyst/main.py b/catalyst/main.py
> index 51d2b04ab035..b8ae662dc76d 100644
> --- a/catalyst/main.py
> +++ b/catalyst/main.py
> @@ -12,6 +12,7 @@ import os
> import sys
>
> from snakeoil import process
> +from snakeoil.process import namespaces
>
> from DeComp.definitions import (COMPRESS_DEFINITIONS,
> DECOMPRESS_DEFINITIONS, CONTENTS_DEFINITIONS)
> @@ -421,6 +422,14 @@ def _main(parser, opts):
> # catalyst cannot be run as a normal user due to
> chroots, mounts, etc log.critical('This script requires root
> privileges to operate')
> + # Start off by creating unique namespaces to run in. Would
> be nice to
> + # use pid & user namespaces, but snakeoil's namespace module
> has signal
> + # transfer issues (CTRL+C doesn't propagate), and user
> namespaces need
> + # more work due to Gentoo build process (uses
> sudo/root/portage).
> + namespaces.simple_unshare(
> + mount=True, uts=True, ipc=True, pid=False,
> net=False, user=False,
> + hostname='catalyst')
> +
> # everything is setup, so the build is a go
> try:
> success = build_target(addlargs)
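Review bot: the comment above simple_unshare() explains why pid and user stay off but says nothing about net=False, which leaves the build in the host's network namespace. Add a line to the comment saying whether that is intentional, so it is clear to readers of main.py that the isolation added here covers mount, UTS and IPC only.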
Thanks, looks good. I'll nuke that other commit in the pending branch
--
Brian Dolbec <dolsen>