From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 90DF5138359 for ; Wed, 28 Oct 2020 23:06:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C0765E0887; Wed, 28 Oct 2020 23:06:21 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9C138E0887 for ; Wed, 28 Oct 2020 23:06:21 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4287B335CA3 for ; Wed, 28 Oct 2020 23:06:20 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 87D3D3BD for ; Wed, 28 Oct 2020 23:06:18 +0000 (UTC) 
From: "Matt Turner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Matt Turner" Message-ID: <1603926369.e1be09eedea2dba8c605a49d9211c868c2ee4dcc.mattst88@gentoo> Subject: [gentoo-commits] proj/catalyst:pending/mattst88 commit in: catalyst/ X-VCS-Repository: proj/catalyst X-VCS-Files: catalyst/main.py X-VCS-Directories: catalyst/ X-VCS-Committer: mattst88 X-VCS-Committer-Name: Matt Turner X-VCS-Revision: e1be09eedea2dba8c605a49d9211c868c2ee4dcc X-VCS-Branch: pending/mattst88 Date: Wed, 28 Oct 2020 23:06:18 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 24d9ad87-fb2a-4f73-a3d4-16702f484fe5 X-Archives-Hash: 556237703d4bdbca063503afe8b3aed9 commit: e1be09eedea2dba8c605a49d9211c868c2ee4dcc Author: Matt Turner gentoo org> AuthorDate: Wed Oct 28 21:59:17 2020 +0000 Commit: Matt Turner gentoo org> CommitDate: Wed Oct 28 23:06:09 2020 +0000 URL: https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=e1be09ee catalyst: ... Signed-off-by: Matt Turner gentoo.org> catalyst/main.py | 59 +++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 9 deletions(-)
diff --git a/catalyst/main.py b/catalyst/main.py
index 543895c6..8f54ba89 100644
--- a/catalyst/main.py
+++ b/catalyst/main.py
@@ -1,4 +1,5 @@
 import argparse
+import contextlib
 import datetime
 import hashlib
 import os
@@ -7,7 +8,7 @@ import textwrap
 import toml
-from snakeoil.process import namespaces
+from snakeoil.process.namespaces import setns, simple_unshare
 from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS,
 CONTENTS_DEFINITIONS)
@@ -22,6 +23,33 @@ from catalyst.version import get_version
 conf_values = confdefaults
+@contextlib.contextmanager
+def namespace(mount=True, uts=True, ipc=True, net=False, pid=False,
+ user=False, hostname=None):
+ namespaces = {
+ (mount, "mnt"): None,
+ (uts, "uts"): None,
+ (ipc, "ipc"): None,
+ (net, "net"): None,
+ (pid, "pid"): None,
+ (user, "user"): None,
+ }
+ pid = os.getpid()
+
+ # Save fds of current namespaces
+ for ns in [ns for ns in namespaces if ns[0]]:
+ fp = open(f"/proc/{pid}/ns/{ns[1]}")
+ namespaces[ns] = fp
+
+ simple_unshare(mount=mount, uts=uts, ipc=ipc, net=net, pid=pid, user=user,
+ hostname=hostname)
+ try:
+ yield None
+ finally:
+ for ns in [ns for ns in namespaces if ns[0]]:
+ fp = namespaces[ns]
+ setns(fp.fileno(), 0)
+ fp.close()
 def version():
 log.info(get_version())
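Review bot: `pid = os.getpid()` rebinds the `pid` keyword argument before it is forwarded as `pid=pid` to `simple_unshare`, so the callee receives a non-zero integer instead of the caller's `False` and would presumably treat it as a request for a PID namespace, which the caller in `_main` explicitly turns off. The saved descriptors are also opened before the `try`, so a failure in a later `open()` or in `simple_unshare` leaks the ones already open, and a failing `setns()` in `finally` skips the remaining restores and closes. Reading `/proc/self/ns/<name>` removes the need for the local, and an `ExitStack` keeps the descriptors closed on every path; a failed restore should still propagate, since continuing as root inside the build's namespaces is not a safe fallback.

```python
def namespace(mount=True, uts=True, ipc=True, net=False, pid=False,
              user=False, hostname=None):
    wanted = [name for enabled, name in (
        (mount, "mnt"), (uts, "uts"), (ipc, "ipc"),
        (net, "net"), (pid, "pid"), (user, "user")) if enabled]
    with contextlib.ExitStack() as saved:
        # /proc/self needs no getpid(), so the `pid` flag is not rebound
        handles = [saved.enter_context(open(f"/proc/self/ns/{name}"))
                   for name in wanted]
        simple_unshare(mount=mount, uts=uts, ipc=ipc, net=net, pid=pid,
                       user=user, hostname=hostname)
        try:
            yield None
        finally:
            # ExitStack closes every handle even if a setns() call raises
            for fp in handles:
                setns(fp.fileno(), 0)
```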
@@ -352,19 +380,32 @@ def _main(parser, opts):
 # catalyst cannot be run as a normal user due to chroots, mounts, etc
 log.critical('This script requires root privileges to operate')
+ cxt = libmount.Context()
+ print("Before")
+ while (fs := cxt.mtab.next_fs()) is not None:
+ print(fs.target)
+
 # Start off by creating unique namespaces to run in. Would be nice to
 # use pid & user namespaces, but snakeoil's namespace module has signal
 # transfer issues (CTRL+C doesn't propagate), and user namespaces need
 # more work due to Gentoo build process (uses sudo/root/portage).
- namespaces.simple_unshare(
- mount=True, uts=True, ipc=True, pid=False, net=False, user=False,
- hostname='catalyst')
+ with namespace(mount=True, uts=True, ipc=True, net=False, pid=False,
+ user=False, hostname='catalyst'):
+ # everything is setup, so the build is a go
+ try:
+ success = build_target(addlargs)
+ cxt = libmount.Context()
+ print("During")
+ while (fs := cxt.mtab.next_fs()) is not None:
+ print(fs.target)
+ except KeyboardInterrupt:
+ log.critical('Catalyst build aborted due to user interrupt (Ctrl-C)')
+
+ cxt = libmount.Context()
+ print("After")
+ while (fs := cxt.mtab.next_fs()) is not None:
+ print(fs.target)
- # everything is setup, so the build is a go
- try:
- success = build_target(addlargs)
- except KeyboardInterrupt:
- log.critical('Catalyst build aborted due to user interrupt (Ctrl-C)')
 if not success:
 sys.exit(2)
 sys.exit(0)
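Review bot: The three mount-table dumps (`Before`, `During`, `After`) call `libmount.Context()`, but none of the import hunks in this patch adds `import libmount`, so unless it is imported in a part of `catalyst/main.py` not shown here the first dump raises `NameError` before any namespace is created. They also write every mount target to stdout with `print` rather than through `log`, and the `During` copy sits after `build_target` inside the `try`, so it is skipped on interrupt; if the dumps are meant to stay as a check that the mount namespace was restored, a single helper that reports through `log.debug` would be easier to keep. Separately, `success` is assigned only inside the `try`, so after a `KeyboardInterrupt` the `if not success:` line reads an unbound name; `success = False` before the `with` avoids that. `_main` begins above this hunk.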