Member

@jD91mZM2 jD91mZM2 commented Jan 8, 2021

A little commit that uses a new abstraction I created after reading the
code for this awesome tool. I'm not sure if it's a good idea to abstract out
something so unusual, but I thought the code might be cleaner?

~ Just a thought ~

(If you say yes I'd of course push the dependency to crates.io so we don't have to work with the git version)


P.S. Added a simple container.sh script that launches a docker environment with this in it. I used it personally in order to develop this on NixOS (where bash would usually not be available in the chroot). Not sure if it's something we should commit, but it might be helpful?

A little commit that uses a new abstraction I created after reading the
code for this tool. I'm not sure if it's a good idea to abstract out
something so unusual, but I thought the code might be cleaner?

~ Just a thought ~
@Mic92
Member

Mic92 commented Jan 9, 2021

Thanks for working on this. The container.sh looks indeed useful. I am a bit concerned however that factoring out the low-level details to a library makes it a bit harder to understand and change the tool in future.

@jD91mZM2
Member Author

jD91mZM2 commented Jan 9, 2021

Understandable. My idea was that the library would make it more clear what's going on at a high level, as well as informing about low-level details in the documentation.

If you disagree, however, I can of course split out container.sh from this PR and throw out rooter :)

Another change, btw, is that nix-user-chroot currently does this (I think):

  • Perform chroot, bind old root to /nix
  • Bind all root entries from /nix to /
  • Bind /nix/nix to /nix

But rooter does this:

  • Bind all root entries to temporary directory
  • Bind /nix to rootdir/nix
  • Chroot to temporary directory

If you like this behaviour I can also extract out that.

@Mic92
Member

Mic92 commented Jan 9, 2021

Your proposed scheme sounds good; also, container.sh would be useful. In case you are motivated, it might also be nice to not set CLONE_NEWUSER if the user is root: NixOS/nixpkgs@66c16e1
This would also allow nix-user-chroot to be used with root (in case the user has root permissions but doesn't want to create /nix).

@jD91mZM2
Member Author

jD91mZM2 commented Jan 9, 2021

Sure, I'm on it. May I ask, by the way, why do you have MS_PRIVATE?

@Mic92
Member

Mic92 commented Jan 9, 2021

> Sure, I'm on it. May I ask, by the way, why do you have MS_PRIVATE?

If you do pivot_root all mounts must be marked as private, otherwise it fails.

@jD91mZM2
Member Author

jD91mZM2 commented Jan 9, 2021

Aha, I see. I guess I've just been lucky that none of my mounts have been MS_SHARED when I tried it without. Thank you :)
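
The MS_PRIVATE / MS_SHARED exchange above is about mount propagation, which Linux reports per mount in the optional fields of /proc/self/mountinfo. As an added example that is not part of this thread and not nix-user-chroot or rooter code, the following Rust program parses that format and lists the mount points currently marked shared; the names `parse_line`, `shared_mounts` and `SAMPLE`, and the sample lines themselves, are constructed for illustration.

```rust
// Added example (not nix-user-chroot or rooter code): report mount propagation.
#[derive(Debug, PartialEq)]
pub enum Propagation { Shared(u32), Slave(u32), Unbindable, Private }
/// mountinfo writes space, tab, newline and backslash in paths as \NNN octal.
fn unescape(s: &str) -> String {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < b.len() {
        let oct = b.get(i + 1..i + 4)
            .filter(|d| b[i] == b'\\' && d.iter().all(|c| (b'0'..=b'7').contains(c)));
        match oct {
            Some(d) => { out.push(d.iter().fold(0u8, |n, c| n.wrapping_mul(8).wrapping_add(c - b'0'))); i += 4 }
            None => { out.push(b[i]); i += 1 }
        }
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Fields: id parent maj:min root mount_point opts [optional tags...] - fstype source superopts
pub fn parse_line(line: &str) -> Option<(String, Propagation)> {
    let f: Vec<&str> = line.split_whitespace().collect();
    let sep = 6 + f.iter().skip(6).position(|x| *x == "-")?; // "-" ends the optional tags
    let mut prop = Propagation::Private;
    for tag in &f[6..sep] {
        match tag.split_once(':') {
            Some(("shared", id)) => { prop = Propagation::Shared(id.parse().ok()?); break }
            Some(("master", id)) => prop = Propagation::Slave(id.parse().ok()?),
            None if *tag == "unbindable" => prop = Propagation::Unbindable,
            _ => {} // propagate_from:N and unknown tags leave the type unchanged
        }
    }
    Some((unescape(f[4]), prop))
}

/// Mount points whose propagation type is shared.
pub fn shared_mounts(info: &str) -> Vec<String> {
    info.lines().filter_map(parse_line)
        .filter_map(|(mp, p)| matches!(p, Propagation::Shared(_)).then_some(mp)).collect()
}

// Constructed sample input, not captured from a real system.
pub const SAMPLE: &str = "22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 22 0:38 / /nix rw,relatime - tmpfs tmpfs rw
42 22 8:3 / /mnt/my\\040disk rw shared:30 master:5 - ext4 /dev/sda3 rw
43 22 0:40 / /run/build rw master:7 - tmpfs tmpfs rw";

fn main() {
    let info = std::fs::read_to_string("/proc/self/mountinfo").unwrap_or(SAMPLE.into());
    println!("shared mounts: {:?}", shared_mounts(&info));
}
```

Run inside the new mount namespace before and after the MS_PRIVATE remount, the list shows whether any shared mounts remain.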

@jD91mZM2
Member Author

jD91mZM2 commented Jan 9, 2021

Closing this PR and opening another one btw

@jD91mZM2 jD91mZM2 closed this Jan 9, 2021