Allow to only unshare (slapns -U) without creating separate chroot

It is handy to reuse slapns uid setup, because e.g. `unshare -U...` does not allow to use newuidmap & friends, and so with just unshare it is hard to create a user namespace where e.g. screen will work (openpty wants to chown(:tty), gid(tty)=5)

Allow to only unshare (slapns -U) without creating separate chroot
It is handy to reuse slapns uid setup, because e.g. `unshare -U...` does not allow to use newuidmap & friends, and so with just unshare it is hard to create a user namespace where e.g. screen will work (openpty wants to chown(:tty), gid(tty)=5)
aa33cee3 · Kirill Smelkov · a150da84 · aa33cee3
Commit aa33cee3 authored Oct 23, 2018 by Kirill Smelkov
Show whitespace changes
Inline Side-by-side

Showing with 27 additions and 21 deletions

slapns.py slapns.py +27 -21

No files found.
--- a/slapns.py
+++ b/slapns.py
@@ -139,6 +139,10 @@ def idmap_trysetup_viashadow(kind, pid):
 def main():
    slappart = sys.argv[1]

+    unshareonly = (slappart == "-U")
+    if unshareonly:
+        slappart = ""
+    if not unshareonly:
        # create directories inside container
        dirv = ["/proc", "/sys",
                "/bin", "/sbin", "/lib", "/lib64", "/usr/bin", "/usr/lib",
@@ -208,6 +212,7 @@ def main():
    mount("none", slappart + "/tmp", "tmpfs")
    mount("none", slappart + "/run", "tmpfs")

+    if not unshareonly:
        # read-only bind mount bin, lib, ... from SR
        # FIXME stub: here we bind from base system for now
        bind("/bin",    slappart + "/bin",  MS_RDONLY)
@@ -235,9 +240,10 @@ def main():
    os.system("/sbin/ifconfig lo 127.0.0.1")    # XXX at least loopback works

    # chroot to container
+    if not unshareonly:
        slappart = abspath(slappart)
        os.chdir(slappart)
-    os.chroot(slappart)
+        os.chroot(slappart) # XXX -> try pivot_root

    # FIXME stub: -> $SHELL
    os.execv("/bin/bash", ["bash"])