From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1516065239.04b56eaab3ad5d9e78ed8e173bbcb680d958041e.vapier@gentoo>
Subject: [gentoo-commits] proj/releng:master commit in: tools/
X-VCS-Repository: proj/releng
X-VCS-Files: tools/catalyst-auto
X-VCS-Directories: tools/
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 04b56eaab3ad5d9e78ed8e173bbcb680d958041e
X-VCS-Branch: master
Date: Tue, 16 Jan 2018 06:44:08 +0000 (UTC)

commit:     04b56eaab3ad5d9e78ed8e173bbcb680d958041e
Author:     Mike Frysinger gentoo org>
AuthorDate: Tue Jan 16 01:13:59 2018 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Tue Jan 16 01:13:59 2018 +0000
URL:        https://gitweb.gentoo.org/proj/releng.git/commit/?id=04b56eaa

catalyst-auto: move container logic into a func too

This lets us put it after command line parsing.

 tools/catalyst-auto | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/tools/catalyst-auto b/tools/catalyst-auto index cf5a7c65..c06a42bf 100755 --- a/tools/catalyst-auto +++ b/tools/catalyst-auto 
@@ -2,21 +2,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# First let's get our own namespaces to avoid leaking crap. -if [[ -z ${UNSHARE} ]] ; then - if type -P unshare >&/dev/null ; then - uargs=() - # Probe the namespaces as some can be disabled (or we are not root). - unshare -m -- true >&/dev/null && uargs+=( -m ) - unshare -u -- true >&/dev/null && uargs+=( -u ) - unshare -i -- true >&/dev/null && uargs+=( -i ) - unshare -p -- true >&/dev/null && uargs+=( -p -f --mount-proc ) - # Re-exec ourselves in the new namespace. - UNSHARE=true exec unshare "${uargs[@]}" -- "$0" "$@" - fi -fi -unset UNSHARE - CATALYST_CONFIG=/etc/catalyst/catalyst.conf # Probe the default source dir from this script name. @@ -179,6 +164,26 @@ parse_args() { done } +# Let's get our own namespaces/etc... to avoid leaking crap. +containerize() { + # If we've already relaunched, nothing to do. + if [[ ${UNSHARE} == "true" ]] ; then + return + fi + + # Most systems have unshare available, but just in case. + if type -P unshare >&/dev/null ; then + local uargs=() + # Probe the namespaces as some can be disabled (or we are not root). + unshare -m -- true >&/dev/null && uargs+=( -m ) + unshare -u -- true >&/dev/null && uargs+=( -u ) + unshare -i -- true >&/dev/null && uargs+=( -i ) + unshare -p -- true >&/dev/null && uargs+=( -p -f --mount-proc ) + # Re-exec ourselves in the new namespace. + UNSHARE=true exec unshare "${uargs[@]}" -- "$0" "$@" + fi +} + run_catalyst_commands() { doneconfig=0 for config_file in "${config_files[@]}"; do @@ -388,6 +393,9 @@ main() { # Parse user arguments before we try doing container logic. parse_args "$@" + # Try to isolate ourselves from the rest of the system. + containerize "$@" + ( if [[ -n ${lock_file} ]]; then if ! flock -n 9; then
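Review bot: the `unset UNSHARE` that closed the removed top-level block (first hunk, @@ -2,21 +2,6) has no counterpart in the new containerize(). After the re-exec, `UNSHARE=true` now stays in the script's environment and is inherited by every process it launches, so a nested run of this script started from inside the build would take the early `return` and skip its own namespace setup. The same guard also means a caller who already has `UNSHARE=true` set gets no isolation at all. Suggest adding `unset UNSHARE` just before the early `return` in containerize(), or, if inheriting the marker is intended, saying so in the function comment.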
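Review bot: containerize() (second hunk, @@ -179,6 +164,26) degrades silently, and nothing in the log records how much isolation the build actually got. If `type -P unshare` fails the function simply falls through, and if every probe fails the script still re-execs through `unshare` with an empty `uargs`, which creates no new namespace. Since the stated purpose is to avoid leaking state into the host, suggest printing which of `-m`, `-u`, `-i`, `-p` were accepted before the `exec`, and emitting a warning when `unshare` is missing or `uargs` ends up empty, so an unisolated run is visible to whoever reads the build output.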
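Review bot: in main() (third hunk, @@ -388,6 +393,9) parse_args now runs before containerize, and containerize re-execs `"$0" "$@"` with the original arguments, so parse_args runs a second time in the new process. Any side effect parse_args has (messages, files touched, early exits) therefore happens once outside the namespaces and once inside. The commit message says only that the move "lets us put it after command line parsing" without saying what needs the parsed options; a short comment above `containerize "$@"` naming the option that containerize is expected to consult, and noting that arguments are parsed twice, would make the ordering requirement clear to the next reader.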