From 71f07edd672a9d05f8ddb68d674f4f8811fec9a1 Mon Sep 17 00:00:00 2001
From: Pascal Terjan
Date: Tue, 3 Oct 2017 19:13:31 +0100
Subject: Use a network namespace for builds
---
 iurt_root_command | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
(limited to 'iurt_root_command')
diff --git a/iurt_root_command b/iurt_root_command
index 3104062..8c1b265 100755
--- a/iurt_root_command
+++ b/iurt_root_command
@@ -30,6 +30,7 @@ use Cwd 'realpath';
 use File::Path qw(make_path);
 use File::Slurp;
 use String::Escape;
+use File::Basename;
 my $arg = @ARGV;
 my (@params, %run);
@@ -161,6 +162,14 @@ $run{todo} = [];
 "create a btrfs snapshot", \&btrfs_snapshot, "btrfs snapshot" ],
+ [ "", "netns_create", 1, "", "create a network namespace", \&netfs_create, "Create network namespace for given chroot" ],
+
+ [ "", "netns_delete", 1, "", "delete a network namespace", \&netfs_delete, "Delete network namespace for given chroot, killing all processes" ],
+
 [ "", "useradd", 3, " [uid]", "Add user in given chroot", \&useradd, "Useradd" ],
@@ -404,6 +413,20 @@ sub btrfs_snapshot {
 return !system("btrfs", "subvolume", "snapshot", $source, $dest);
 }
+sub netfs_create {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ return !system("ip", "netns", "add", basename($dest));
+}
+
+sub netfs_delete {
+ my ($_run, $dest) = @_;
+ check_path_authorized($dest) or return;
+ my $nsname = basename($dest);
+ system("ip netns pids $nsname | xargs -r kill -9");
+ return !system("ip", "netns", "del", $nsname);
+}
+
 sub bindmount {
 my ($_run, $source, $dest) = @_;
 check_path_authorized($dest) or return;
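Review bot: The two new dispatch entries register the commands as `netns_create` and `netns_delete` but point at handlers named `\&netfs_create` and `\&netfs_delete`, and "netfs" reads like a filesystem helper next to `btrfs_snapshot`. Renaming the subs to `netns_create` and `netns_delete` would keep command and handler names aligned, as the `useradd` entry does with `\&useradd`. The table itself starts and ends outside the hunk.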
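Review bot: In netfs_delete, `system("ip netns pids $nsname | xargs -r kill -9")` is the single-string form, so the command goes through the shell with `$nsname` interpolated, in what the file name suggests is a helper run as root. `$nsname` is the last component of a caller-supplied path, and the hunk does not show whether check_path_authorized restricts the characters that component may contain, so the name should be validated and the pipeline replaced by a list-form pipe open plus Perl's `kill`, as below. run_chroot repeats the pattern in its `ip netns list | grep -q '^$nsname\$'` check. Separately, both subs key the namespace on `basename($dest)` alone, so two authorized chroots with the same final directory name would share one namespace and deleting one would kill the other's processes; a comment stating that basenames must be unique, or a name derived from the full path, would help.

```perl
    my $nsname = basename($dest);
    # Accept only plain names before anything is handed to ip(8).
    $nsname =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/ or return;
    # List form: no shell is involved, $nsname stays a single argument.
    open(my $pids_fh, '-|', 'ip', 'netns', 'pids', $nsname) or return;
    chomp(my @pids = <$pids_fh>);
    close($pids_fh);
    kill('KILL', grep { /\A\d+\z/ } @pids);
    # … unchanged: ip netns del call …
```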
@@ -484,5 +507,10 @@ sub run_chroot {
 }
 check_path_authorized($dir) or return;
- return !system("chroot", $dir, @options);
+ my $nsname = basename($dir);
+ if (!system("ip netns list | grep -q '^$nsname\$'")) {
+ return !system("ip", "netns", "exec", $nsname, "chroot", $dir, @options);
+ } else {
+ return !system("chroot", $dir, @options);
+ }
 }
--
cgit v1.2.1
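Review bot: The `else` branch in run_chroot runs the command with the host's network whenever the namespace lookup fails, so the isolation this commit introduces is lost silently. The lookup can miss for reasons unrelated to the namespace being absent: `grep -q '^$nsname\$'` treats the name as a regular expression, and on iproute2 versions that append an `(id: N)` suffix in `ip netns list` the `$` anchor would probably not match an existing namespace. Testing `-e "/var/run/netns/$nsname"` (the default iproute2 location, to be confirmed for this host) avoids both the shell and the output parsing. A `warn` in the fallback branch would make an unisolated build visible in the logs. run_chroot starts outside the hunk.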