author | Pascal Terjan <pterjan@mageia.org> | 2017-10-03 19:13:31 +0100 |
---|---|---|
committer | Pascal Terjan <pterjan@mageia.org> | 2017-10-03 21:05:27 +0100 |
commit | 71f07edd672a9d05f8ddb68d674f4f8811fec9a1 (patch) | |
tree | c10ae073960de6170f70dccccf0b7b081953735e | |
parent | 227a7b4f441a4d174b8862a7ab43b469f0ab7f64 (diff) | |
Use a network namespace for builds
-rw-r--r-- | NEWS | 1 | ||||
-rwxr-xr-x | iurt_root_command | 30 | ||||
-rw-r--r-- | lib/Iurt/Chroot.pm | 6 |
3 files changed, 36 insertions, 1 deletions
@@ -5,6 +5,7 @@
 - iurt: add fixed_media option to make autobuild faster
 - iurt: kill a lot of code (and some features)
 - iurt: kill upload/rsync code
+- iurt: use a network namespace for builds
 0.6.29
 - iurt: support chroot tarballs with non gz compression
diff --git a/iurt_root_command b/iurt_root_command
index 3104062..8c1b265 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -30,6 +30,7 @@ use Cwd 'realpath';
 use File::Path qw(make_path);
 use File::Slurp;
 use String::Escape;
+use File::Basename;
 my $arg = @ARGV;
 my (@params, %run);
@@ -161,6 +162,14 @@ $run{todo} = [];
 "create a btrfs snapshot",
 \&btrfs_snapshot, "btrfs snapshot" ],
+ [ "", "netns_create", 1, "<directory>",
+ "create a network namespace",
+ \&netfs_create, "Create network namespace for given chroot" ],
+
+ [ "", "netns_delete", 1, "<directory>",
+ "delete a network namespace",
+ \&netfs_delete, "Delete network namespace for given chroot, killing all processes" ],
+
+ [ "", "useradd", 3, "<directory> <username> [uid]",
 "Add user in given chroot",
 \&useradd, "Useradd" ],
@@ -404,6 +413,20 @@ sub btrfs_snapshot {
 return !system("btrfs", "subvolume", "snapshot", $source, $dest);
 }
+sub netfs_create {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ return !system("ip", "netns", "add", basename($dest));
+}
+
+sub netfs_delete {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ my $nsname = basename($dest);
+ system("ip netns pids $nsname | xargs -r kill -9");
+ return !system("ip", "netns", "del", $nsname);
+}
+
 sub bindmount {
 my ($_run, $source, $dest) = @_;
 check_path_authorized($dest) or return;
@@ -484,5 +507,10 @@ sub run_chroot {
 }
 check_path_authorized($dir) or return;
- return !system("chroot", $dir, @options);
+ my $nsname = basename($dir);
+ if (!system("ip netns list | grep -q '^$nsname\$'")) {
+ return !system("ip", "netns", "exec", $nsname, "chroot", $dir, @options);
+ } else {
+ return !system("chroot", $dir, @options);
+ }
 }
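Review bot: The new options are named `netns_create` and `netns_delete` but dispatch to `\&netfs_create` and `\&netfs_delete`; "netfs" reads like a network filesystem, so the handlers would be easier to find if they were named `netns_create` and `netns_delete` (the sub definitions in the later hunk need the same rename). The help text could also say that the namespace name is taken from the last component of `<directory>`, since that is what the handlers pass to `ip netns`. The option table itself starts and ends outside this hunk.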
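Review bot: `netfs_delete` runs its kill pipeline as one string, `system("ip netns pids $nsname | xargs -r kill -9")`, so `$nsname` is parsed by a shell in a helper that the `sudo(...)` callers in lib/Iurt/Chroot.pm appear to run with elevated privileges. `check_path_authorized` is defined outside this hunk, so it cannot be confirmed here that it rejects shell metacharacters in the last path component; reading the PIDs through a list-form pipe and signalling them from Perl removes the shell entirely, as the neighbouring `ip netns del` call already does. The same string-form pattern appears in the `run_chroot` hunk (`ip netns list | grep -q '^$nsname\$'`). Separately, because the name is `basename($dest)`, two chroots with the same last component under different parents would share a namespace, and deleting one would kill the other's processes.

```perl
sub netfs_delete {
    # … unchanged: argument unpacking, check_path_authorized, $nsname …
    # List-form pipe open: $nsname is one argv element, never shell-parsed.
    if (open(my $pids_fh, '-|', 'ip', 'netns', 'pids', $nsname)) {
        chomp(my @pids = <$pids_fh>);
        close($pids_fh);
        # Only signal entries that are plain decimal PIDs.
        @pids = grep { /\A\d+\z/ } @pids;
        kill('KILL', @pids) if @pids;
    }
    return !system("ip", "netns", "del", $nsname);
}
```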
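Review bot: The `else` branch in `run_chroot` runs the build in the host network namespace whenever the `ip netns list | grep` probe does not match, and it logs nothing, so a failed or skipped `netns_create` silently removes the isolation this commit adds. The probe can also miss a namespace that exists: `$nsname` is interpreted as a regular expression, and newer iproute2 releases may print `name (id: N)`, which `'^$nsname\$'` would not match (worth confirming on the build hosts). Testing the namespace file directly avoids both the shell and the output parsing, for example `if (-e "/var/run/netns/$nsname") {`, and the fallback should at least emit a warning, or fail when a namespace is expected. The start of `run_chroot` is outside the hunk.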
diff --git a/lib/Iurt/Chroot.pm b/lib/Iurt/Chroot.pm
index 362c7e7..ea26655 100644
--- a/lib/Iurt/Chroot.pm
+++ b/lib/Iurt/Chroot.pm
@@ -238,6 +238,8 @@ sub clean_all_chroot_tmp {
 sub delete_chroot {
 my ($run, $config, $chroot) = @_;
+ # This also kills any process in the associated namespace
+ sudo($config, '--netns_delete', $chroot);
 _clean_mounts($run, $config, $chroot);
 plog(1, "cleaning $chroot");
@@ -313,6 +315,10 @@ sub create_build_chroot {
 }
 }
 }
+
+ if ($ret) {
+ sudo($config, '--netns_create', $chroot);
+ }
 return $ret;
 } |
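Review bot: Both new `sudo(...)` calls discard their result. In `create_build_chroot`, a failed `--netns_create` leaves `$ret` true, and because `run_chroot` in iurt_root_command falls back to a plain `chroot` when the namespace is missing, the build then proceeds with host networking and nothing in the log says so. If `sudo` returns a success flag (its definition is not visible here), `$ret = sudo($config, '--netns_create', $chroot);` would propagate the failure; otherwise a `plog` line on failure is the minimum. In `delete_chroot` the comment promises that processes are killed, yet a failed `--netns_delete` goes unreported before `_clean_mounts` runs. Both functions extend beyond their hunks.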