From df81851a131f021a7b4ca93530821315ee85572b Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Sat, 22 Feb 2014 11:11:49 -0500
Subject: [PATCH] Split out sandboxing options used for the chroot

---
 lib/ampule.ex | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/lib/ampule.ex b/lib/ampule.ex
index c4d8c00..1376dc1 100644
--- a/lib/ampule.ex
+++ b/lib/ampule.ex
@@ -22,7 +22,7 @@ defmodule Ampule do
   def create("", options), do: create(@utsname, options)
 
   def create(name, options) do
-    options = Ampule.Chroot.new options
+    options = Ampule.Chroot.new(options)
     container = :erlxc.spawn name, options
     true = :liblxc.wait(:erlxc.container(container), "RUNNING", 0)
     Container.new [container: container]
@@ -37,6 +37,8 @@ defmodule Ampule do
       false -> distribute!(:ampule)
     end
 
+    options = options |> Ampule.Chroot.new |> Ampule.Chroot.sandbox
+
     container = create(name, options)
     nodename = nodename(container.container)
     ping nodename
@@ -121,26 +123,26 @@ defmodule Ampule do
 
     def new options do
       options = ListDict.put_new(options, :uid, Ampule.Chroot.id)
-  
+
       uid = ListDict.fetch!(options, :uid)
-  
+
       options = ListDict.put_new(options, :gid, uid)
-      options = ListDict.put_new(options, :cgroup, [])
-  
-      options = ListDict.put_new(options, :path, "/tmp/ampule")
+      options = ListDict.put_new(options, :cgroup, cgroup())
+      ListDict.put_new(options, :path, "/tmp/ampule")
+    end
   
+    def sandbox options do
+      uid = ListDict.fetch!(options, :uid)
       gid = ListDict.fetch!(options, :gid)
 
       cookie = ListDict.get(options, :cookie, :erlang.get_cookie)
       bridge = ListDict.get(options, :bridge, "br0")
       ipaddr = ListDict.get(options, :ipaddr, "dhcp")
-  
+
       cmd = "erl -pa /priv -noinput -setcookie #{cookie} -name ampule@$ip"
-  
       argv = ["/ampule", ipaddr, "#{uid}", "#{gid}", cmd]
-  
       options = ListDict.put(options, :start, [argv: argv])
-  
+
       config = ListDict.get(options, :config, Ampule.Chroot.config)
 
       priv = Path.join(:code.priv_dir(:ampule), "share")
@@ -167,7 +169,6 @@ defmodule Ampule do
          {"udhcpc.script", dhcp_script(), 0755},
          {"ampule", boot("/udhcpc.script", cmd), 0755}
          ]]
-
       ListDict.put(options, :chroot, chroot)
     end