9 Commits

Author SHA1 Message Date
Colin Walters 15d23546ff user-chroot: Add --unshare-pid, --unshare-net, and --mount-proc
To use CLONE_NEWPID we have to actually call clone() because it's
not supported by unshare().

To enable CLONE_NEWPID to be useful, we have to allow creating a new
proc mount rather than binding an existing one.
2011-12-07 10:52:42 -05:00
Colin Walters fbb09d71a6 ostbuild: Add --unshare-ipc flag for user-chroot
This optionally closes down more paths to the host, which is
a good thing.
2011-12-07 09:48:38 -05:00
Colin Walters fb5ecdac42 ostbuild: Also allow making directories read-only 2011-12-06 19:36:42 -05:00
Colin Walters a4b249e333 ostbuild: Clarify "safely" for user-chroot 2011-12-06 14:39:30 -05:00
Colin Walters d32b2cb572 ostbuild: Recursively make mount points private
This ensures we're not going to mutate any global state.
2011-12-06 14:36:57 -05:00
Colin Walters 3042724698 ostbuild: Allow binding arbitrary directories, don't hardcode /proc /dev
This is just more flexible, and eventually we want this to be a
generic user-chroot tool.
2011-12-06 14:06:45 -05:00
Colin Walters 0fb40b201f ostbuild: Ensure user chroot mounts are not shared
It's possible that the root filesystem mount is global; we need
to undo that in order to be sure that our "private" bind mounts
really are private.
2011-12-06 12:18:17 -05:00
Colin Walters e68d0d25c0 ostbuild: Update user-chroot to bind mount /proc and /dev 2011-12-06 10:43:01 -05:00
Colin Walters 7093ed4c57 ostbuild: ostbuild-user-chroot: New Linux-specific utility for safe chroots 2011-12-04 17:09:03 -05:00