Age | Commit message | Author |
|
Software has a reasonable assumption that localhost as well as the
current hostname resolves to an IP address. Without an /etc/hosts file,
this is not the case and makes some builds such as src:ovn fail.
|
|
This is where unschroot becomes incompatible with schroot as schroot
does not have this option. The idea is that unschroot becomes
feature-compatible with sbuild --chroot-mode=unshare and that requires
supporting network isolation. To make use of this, sbuild needs to be
extended to pass this flag when it sees a "Type unshare" chroot that is
not normally exposed from regular schroot.
|
|
When stdout is an (unnamed) pipe, it usually has permission 0o644. Since
we change uids, /dev/stdout cannot be opened unless we chmod it first.
This causes some packages such as supervisor to fail to build.
|
|
Fixes: be42cb03f861 ("add userchroot.py example")
|
|
No functional changes.
|
|
linuxnamespaces/__init__.py:
* linuxnamespaces.filedescriptor only exports FileDescriptor. By
  importing *, we re-export it implicitly.
linuxnamespaces/atlocation.py:
* PathLike should be parameterized and we no longer allow bytes there.
linuxnamespaces/tarutils.py:
* Resolve dict vs Mapping.
tests/test_simple.py:
* Establish expected type to mypy.
examples/unschroot.py:
* pidfd is first an int and later a FileDescriptor, but we always use
  it as int.
* Also tell mypy that we cannot get NULL from waitid.
|
|
While sbuild --chroot-mode=unshare opted for installing dumb-init, we'll
keep the environment minimal and have a dumb-init written in perl-base,
which happens to be essential still. Unfortunately, we cannot wait for
our target process from our main process as the target process is a
child of our perl init. Therefore our perl init must forward the exit
code.
|
|
Before this change, it could happen that we'd call
prctl_set_child_subreaper before our parent actually died. Thus we'd
quickly get the death signal. The additional synchronization point
ensures that our previous parent process has been waited for (and thus
we are reparented) before installing the death signal.
|
|
Any existing type would be an invalid promise. While sbuild parses the
type, it also currently throws its value away and does not base any
decisions on it. With the new value, it could recognize unschroot and
opt into new features.
|
|
* Tag sessions as "Session Purged". This causes sbuild to skip
  uninstalling build-depends and other cleanup.
* Always emit "Aliases" even when empty as we get a warning from sbuild
  otherwise.
|
|
Fixes: a1cc59818088 ("add example "unschroot.py"")
|
|
While this mostly provides the schroot API and adds its own semantics
around ~/.cache/unschroot, please do not consider examples a stable
interface but a room for experimentation and incompatible changes.
|
|
Fixes: f01c7690de8e ("add example chrootfuse2fs.py")
|
|
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47.
We really deal with two user namespaces. The initial/parent process maps
the target id range plus the current user id. The child process that
executes the workload only maps the target id range without the current
user id. The child opens the tar file while it still is in the initial
namespace, then unshares and once it only has the subid range mapped, it
performs the extraction. No clamping is necessary at this point. The
parent process additionally maps the current id in order to write
the tar file.
|
|
This is a mixin subclass for TarFile that enables it to restore and
apply linux extended attributes as PAX headers in the SCHILY.xattr.*
format. As a consequence, this enables us to process tar archives
containing file system capabilities.
|
|
Move the generic tar utilities from the chroottar.py example into a
linuxnamespaces module as dealing with tar archives is a fairly common
thing when dealing with namespaces.
|
|
The mode actually can only have these three distinct literals. While
more complex modes can get passed to TarFile.open, they're decomposed
there and only one of these three is passed to the compressor openers.
|
|
zstandard.open actually consumes file objects. Hence there is little
benefit in not implementing the passing of a fileobj even though we
don't use it here.
|
|
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
|
|
The textual representation matches util-linux. Not all flag values can
be represented textually.
|
|
When decompression fails, we should raise a tarfile.ReadError rather
than a zstandard.ZstdError. Otherwise, tarfile gives up guessing.
|
|
* Drop supplementary groups. Very likely, those are not mapped inside
  and they cannot cause much good.
* Sane permission for the root directory. Otherwise no non-root user
  can access any files.
|
|
When TMPDIR has restrictive permissions, the namespace may be unable to
access the leading components. Thus we put the supervisor process
handling the cleanup into a different namespace that has all the ids
plus the current uid mapped. It'll then be able to perform the cleanup
(and the initial chown).
|
|
* Add execute bit
* Consume first positional argument