This helps isolate the catalyst builds from the rest of the system
and allows us to build as non-root user in more cases. This might
not work everywhere, but it's a start (snapshot generation works).
---
catalyst/main.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/catalyst/main.py b/catalyst/main.py
index 65e1431..f984653 100644
--- a/catalyst/main.py
+++ b/catalyst/main.py
@@ -10,6 +10,8 @@ import argparse
import os
import sys
+from snakeoil.process import namespaces
+
__selfpath__ = os.path.abspath(os.path.dirname(__file__))
from DeComp.definitions import (COMPRESS_DEFINITIONS, DECOMPRESS_DEFINITIONS,
@@ -336,6 +338,13 @@ def main():
if "target" not in addlargs:
raise CatalystError("Required value \"target\" not specified.")
+ # Start off by creating unique namespaces to run in.
+ namespaces.simple_unshare(
+ mount=True, uts=True, ipc=True, pid=True, net=False, user=True,
+ hostname='catalyst')
+
+ # We should be root now, either a real root, or in a userns as root.
+ # If we aren't, then we've failed, and need to abort.
if os.getuid() != 0:
# catalyst cannot be run as a normal user due to chroots,
mounts, etc
print "!!! catalyst: This script requires root privileges to
operate"
--
2.5.2
