901917ff85
The current motivation for this is that https://github.com/fedora-infra/fedmsg-atomic-composer started using mock --new-chroot (which uses systemd-nspawn) to run rpm-ostree, which in turn uses systemd-nspawn to run the post script. Now systemd-nspawn is not really nestable (it wants to link up journald, resolv.conf handling, etc.). First, dropping nspawn and going to raw containers fixes the nesting problem. Second, we don't need all the features of systemd-nspawn. We are ok with log messages going to stdout, and we don't use networking, so no resolv.conf is needed. Third, this sets a bit of a stage for more sandboxing internally when run on real systems. I already have a prototype branch which runs librepo as an unprivileged user, that could be combined with this for even stronger security. Why not use systemd? Well... I'm still debating that. But the core problem is systemd isn't a library in the C sense - to use its sandboxing features we have to use unit files. It's harder to have a daemon that looks like a single service from a management perspective, but uses sandboxing internally.
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
|
*
|
|
* Copyright (C) 2014 Colin Walters <walters@verbum.org>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published
|
|
* by the Free Software Foundation; either version 2 of the licence or (at
|
|
* your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General
|
|
* Public License along with this library; if not, write to the
|
|
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
|
|
* Boston, MA 02111-1307, USA.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <gio/gio.h>
|
|
#include <sched.h>
|
|
#include <sys/mount.h>
|
|
#include <sys/types.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/fsuid.h>
|
|
#include <sys/syscall.h>
|
|
#include <sys/wait.h>
|
|
#include <sys/capability.h>
|
|
#include <sched.h>
|
|
|
|
void _rpmostree_libcontainer_set_not_available (void);
|
|
gboolean _rpmostree_libcontainer_get_available (void);
|
|
|
|
gboolean _rpmostree_libcontainer_bind_mount_readonly (const char *path, GError **error);
|
|
|
|
int _rpmostree_libcontainer_make_api_mounts (const char *dest);
|
|
int _rpmostree_libcontainer_prep_dev (const char *dest);
|
|
|
|
pid_t _rpmostree_libcontainer_run_in_root (const char *dest,
|
|
const char *binary,
|
|
char **argv);
|
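Review bot: `#include <sched.h>` appears twice in this header (once after `<gio/gio.h>` and again after `<sys/capability.h>`); the second one should be dropped. The declared API also mixes error conventions without saying so: `_rpmostree_libcontainer_bind_mount_readonly` returns `gboolean` with a `GError **`, while `_rpmostree_libcontainer_make_api_mounts` and `_rpmostree_libcontainer_prep_dev` return a bare `int` and `_rpmostree_libcontainer_run_in_root` a `pid_t` with no error out-parameter, so a caller cannot tell from the header what the failure value is or whether `errno` is meaningful. Each prototype should carry a one-line comment stating its failure value and who owns the result — presumably something like `/* Returns the child pid, or -1 with errno set; the caller must waitpid() it. */` for `_rpmostree_libcontainer_run_in_root`, but the exact contract needs confirming against the implementation, which is not in this file. Since these primitives set up mounts and `/dev` for a sandboxed child, the header is also the right place to note what privilege the caller is expected to hold and whether `dest` must already be a fully prepared root, as `_rpmostree_libcontainer_set_not_available` / `_get_available` suggest a runtime fallback path whose trigger is undocumented here.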