Commit Graph

8 Commits

Author SHA1 Message Date
Jörg Thalheim
66c16e12fa
buildFhsUserenv: don't downgrade root user 2020-12-27 17:19:49 +01:00
Nikolay Amiantov
06f27dc2e9 chrootenv: propagate nested chrootenv /host
To avoid symlink loops to /host in nested chrootenvs we need to remove
one level of indirection. This is also what's generally expected of
/host contents.
2019-05-30 15:34:01 +03:00
Nikolay Amiantov
7664ffbbaf chrootenv: small improvements
* Remove unused argument from pivot_root;
* Factor out tmpdir creation into a separate function;
* Remove unused fstype from bind mount;
* Use unlink instead of a treewalk to remove empty temporary directory.
2019-05-30 15:34:01 +03:00
Nikolay Amiantov
e0d3bc292c chrootenv: make stackable
The problem with stacking chrootenv before was that CLONE_NEWUSER cannot
be used when a child uses chroot. So instead of that we use pivot_root
which replaces root in the whole namespace. This requires our new root
to be an actual fs so we mount tmpfs.
2019-05-30 15:33:30 +03:00
Las
50c215df4a
Fix chrootenv segfaulting on exit
glibc 2.27 (and possibly other versions) can't handle an `nopenfd` value larger than 2^19 in `ntfw`, which is problematic if you've set the maximum number of fds per process to a value higher than that.
2019-05-26 17:19:06 +02:00
Michael Eden
a3488fb9ac fix FHSUserEnv blacklists 2018-11-11 10:32:09 -05:00
Linus Heckemann
75cfbdf33b buildFHSUserEnv: change to root directory after chroot
Fixes #38525
2018-04-28 14:51:07 +01:00
Yegor Timoshenko
4b1cf5afb8
chrootenv: rewrite on top of GLib
Changes:

* doesn't handle root user separately
* doesn't chdir("/") which makes using it seamless
* only bind mounts, doesn't symlink (i.e. files)

Incidentally, fixes #33106.

It's about two times shorter than the previous version, and much
easier to read/follow through. It uses GLib quite heavily, along with
RAII (available in GCC/Clang).
2017-12-30 22:28:38 +00:00