From: "Matt Turner" <mattst88@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/catalyst:master commit in: catalyst/
Date: Sat, 14 Nov 2020 16:37:29 +0000 (UTC)
Message-ID: <1605371697.dccfafea4e8b4622a7527a764d581ac0123b107e.mattst88@gentoo>

commit: dccfafea4e8b4622a7527a764d581ac0123b107e
Author: Felix Bier <Felix.Bier <AT> rohde-schwarz <DOT> com>
AuthorDate: Mon Nov 9 19:36:33 2020 +0000
Commit: Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 16:34:57 2020 +0000
URL: https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=dccfafea

catalyst: Restore root and cwd after exiting mount namespace

This commit saves the file descriptor of /proc/self/{root,cwd}
before entering into the new mount namespace. When restoring the
previous mount namespace, it restores /proc/self/{root,cwd} based
on the saved file descriptors.

Without this change, catalyst cannot be run in a chroot when using
the recent changes regarding mount namespaces: After the mount
namespace has been exited, /proc/self/root points to the "/" of the
host system, not the "/" of the chroot. Therefore, the cleanup phase
of catalyst runs outside of the chroot.

The code is similar to how nsenter(1) sets root and cwd:
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/tree/sys-utils/nsenter.c#n452

Tested in a Gentoo chroot and in Gentoo VM (non-chroot).

Signed-off-by: Felix Bier <felix.bier <AT> rohde-schwarz.com>
Signed-off-by: Matt Turner <mattst88 <AT> gentoo.org>

catalyst/context.py | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

diff --git a/catalyst/context.py b/catalyst/context.py index 8a58f33d..01a6d930 100644 --- a/catalyst/context.py +++ b/catalyst/context.py 
@@ -16,11 +16,21 @@ def namespace(mount=False, uts=False, ipc=False, net=False, pid=False, (user, "user"): None, } + dirs = { + "root": None, + "cwd": None, + } + # Save fds of current namespaces for ns in [ns for ns in namespaces if ns[0]]: fp = open(f"/proc/self/ns/{ns[1]}") namespaces[ns] = fp + # Save fds of current directories + if mount: + for d in dirs: + dirs[d] = os.open(f"/proc/self/{d}", os.O_RDONLY) + simple_unshare(mount=mount, uts=uts, ipc=ipc, net=net, pid=pid, user=user, hostname=hostname) try: @@ -30,3 +40,15 @@ def namespace(mount=False, uts=False, ipc=False, net=False, pid=False, fp = namespaces[ns] setns(fp.fileno(), 0) fp.close() + + if mount: + # Restore original root and cwd. Since we cannot directly chroot to + # a fd, first change the current directory to the fd of the + # original root, then chroot to "." + + os.fchdir(dirs["root"]) + os.chroot(".") + os.fchdir(dirs["cwd"]) + + for fd in dirs.values(): + os.close(fd)
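Review bot: in the first hunk, the new os.open() calls on /proc/self/root and /proc/self/cwd run before simple_unshare(), and both sit ahead of the try:, so an exception from simple_unshare() leaves the two descriptors open with nothing to close them (the namespace fds opened just above have the same exposure). Consider moving simple_unshare() inside the try, or closing the saved fds on that failure path. Passing os.O_RDONLY | os.O_DIRECTORY would additionally make the open fail early if either path ever resolved to something other than a directory.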
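Review bot: in the second hunk's "if mount:" block, the os.close() loop is only reached when os.fchdir(dirs["root"]), os.chroot(".") and os.fchdir(dirs["cwd"]) all succeed; put the three restore calls in a try/finally so the saved descriptors are closed on failure as well. A failure of any of these calls should stay fatal to the caller rather than be swallowed, because continuing would leave the process rooted at the host "/" and the cleanup phase would run outside the chroot, which is the situation the commit message sets out to prevent. The comment explaining the fchdir plus chroot(".") sequence is useful and worth keeping.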
WARNING: multiple messages have this Message-ID

From: "Matt Turner" <mattst88@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/catalyst:wip/mattst88 commit in: catalyst/
Date: Sat, 19 Dec 2020 19:56:02 +0000 (UTC)
Message-ID: <1605371697.dccfafea4e8b4622a7527a764d581ac0123b107e.mattst88@gentoo>
Message-ID: <20201219195602.wVSiJzpEWmiWghfKQ5JAUsUt7YUGKLwejvgQ5sd0AGY@z>

commit: dccfafea4e8b4622a7527a764d581ac0123b107e
Author: Felix Bier <Felix.Bier <AT> rohde-schwarz <DOT> com>
AuthorDate: Mon Nov 9 19:36:33 2020 +0000
Commit: Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 16:34:57 2020 +0000
URL: https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=dccfafea

catalyst: Restore root and cwd after exiting mount namespace