From 71f07edd672a9d05f8ddb68d674f4f8811fec9a1 Mon Sep 17 00:00:00 2001
From: Pascal Terjan
Date: Tue, 3 Oct 2017 19:13:31 +0100
Subject: Use a network namespace for builds
---
 NEWS | 1 +
 iurt_root_command | 30 +++++++++++++++++++++++++++++-
 lib/Iurt/Chroot.pm | 6 ++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 32e70fc..5913ec1 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@
 - iurt: add fixed_media option to make autobuild faster
 - iurt: kill a lot of code (and some features)
 - iurt: kill upload/rsync code
+- iurt: use a network namespace for builds
 0.6.29
 - iurt: support chroot tarballs with non gz compression
diff --git a/iurt_root_command b/iurt_root_command
index 3104062..8c1b265 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -30,6 +30,7 @@ use Cwd 'realpath';
 use File::Path qw(make_path);
 use File::Slurp;
 use String::Escape;
+use File::Basename;
 my $arg = @ARGV;
 my (@params, %run);
@@ -161,6 +162,14 @@ $run{todo} = [];
 "create a btrfs snapshot",
 \&btrfs_snapshot, "btrfs snapshot" ],
+ [ "", "netns_create", 1, "", "create a network namespace", \&netfs_create, "Create network namespace for given chroot" ],
+ [ "", "netns_delete", 1, "", "delete a network namespace", \&netfs_delete, "Delete network namespace for given chroot, killing all processes" ],
+ [ "", "useradd", 3, " [uid]", "Add user in given chroot", \&useradd, "Useradd" ],
@@ -404,6 +413,20 @@ sub btrfs_snapshot {
 return !system("btrfs", "subvolume", "snapshot", $source, $dest);
 }
+sub netfs_create {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ return !system("ip", "netns", "add", basename($dest));
+}
+
+sub netfs_delete {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ my $nsname = basename($dest);
+ system("ip netns pids $nsname | xargs -r kill -9");
+ return !system("ip", "netns", "del", $nsname);
+}
+
 sub bindmount {
 my ($_run, $source, $dest) = @_;
 check_path_authorized($dest) or return;
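Review bot: The handler references `\&netfs_create` and `\&netfs_delete` read as a typo for the option names they are bound to, `netns_create` and `netns_delete`, and the subs are defined under the same `netfs_` spelling in the `@@ -404,6 +413,20 @@` hunk. Since both handlers only drive `ip netns`, renaming the references here and the definitions there to `netns_create`/`netns_delete` keeps the command table self-describing.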
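Review bot: `netfs_delete` hands `$nsname` to a shell through the string form of `system` (`ip netns pids $nsname | xargs -r kill -9`), so the namespace name is re-parsed by the shell, unlike the list-form `system` calls around it. `$nsname` is `basename($dest)` after `check_path_authorized($dest)`, and whether that check rules out shell metacharacters is not visible in this hunk; reading the pids through a list-form pipe open and calling Perl's `kill` removes the dependence on it. A freshly created namespace also has its loopback interface down, so if builds expect `127.0.0.1` to work, `netfs_create` would need to follow `ip netns add` with `ip netns exec <name> ip link set lo up` — worth confirming against what the build chroots require.
```perl
sub netfs_delete {
    my ($_run, $dest) = @_;
    check_path_authorized($dest) or return;
    my $nsname = basename($dest);
    # List-form pipe open: no shell, $nsname is a single argv element
    open my $pids_fh, '-|', 'ip', 'netns', 'pids', $nsname or return;
    chomp(my @pids = <$pids_fh>);
    close $pids_fh;
    kill 'KILL', grep { /\A\d+\z/ } @pids;
    return !system("ip", "netns", "del", $nsname);
}
```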
@@ -484,5 +507,10 @@ sub run_chroot {
 }
 check_path_authorized($dir) or return;
- return !system("chroot", $dir, @options);
+ my $nsname = basename($dir);
+ if (!system("ip netns list | grep -q '^$nsname\$'")) {
+ return !system("ip", "netns", "exec", $nsname, "chroot", $dir, @options);
+ } else {
+ return !system("chroot", $dir, @options);
+ }
 }
diff --git a/lib/Iurt/Chroot.pm b/lib/Iurt/Chroot.pm
index 362c7e7..ea26655 100644
--- a/lib/Iurt/Chroot.pm
+++ b/lib/Iurt/Chroot.pm
@@ -238,6 +238,8 @@ sub clean_all_chroot_tmp {
 sub delete_chroot {
 my ($run, $config, $chroot) = @_;
+ # This also kills any process in the associated namespace
+ sudo($config, '--netns_delete', $chroot);
 _clean_mounts($run, $config, $chroot);
 plog(1, "cleaning $chroot");
@@ -313,6 +315,10 @@ sub create_build_chroot {
 }
 }
 }
+
+ if ($ret) {
+ sudo($config, '--netns_create', $chroot);
+ }
 return $ret;
 }
-- 
cgit v1.2.1
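Review bot: The `else` branch makes `run_chroot` fail open: when the namespace lookup fails — for example because `netns_create` failed earlier or `ip` is unavailable — the command runs with the host's network instead of erroring, so a loss of isolation is silent. If the fallback is meant for chroots that have no namespace, a warning on that path would at least make it visible; if not, `return` there instead. Separately, the existence test interpolates `$nsname` into both a shell command line and a grep pattern; `ip netns add` creates `/var/run/netns/$nsname`, so `if (-e "/var/run/netns/$nsname") {` answers the same question without a shell. The body of run_chroot begins outside the hunk.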
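Review bot: The result of `sudo($config, '--netns_delete', $chroot)` is discarded, so a namespace that cannot be removed (for instance because a process in it survived the kill) is leaked without any log line; the same pattern applies to `sudo($config, '--netns_create', $chroot)` in the `@@ -313,6 +315,10 @@` hunk, where an ignored failure leaves `$ret` true and the build proceeds without the intended isolation. How `sudo` reports failure is outside these hunks, but checking its result and either logging here or clearing `$ret` there would make both cases visible. delete_chroot continues past the end of the hunk, and create_build_chroot starts before its hunk.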