On Thu, Oct 1, 2015 at 1:14 PM, Mike Shal <[email protected]> wrote:

>
> On Thu, Oct 1, 2015 at 1:03 PM, Freddie Chopin <[email protected]>
> wrote:
>
>> On Thursday 01 of October 2015 12:55:49 Mike Shal wrote:
>> > Well I was wondering if it makes sense to only support the normal paths
>> > where namespacing is enabled, so I could get rid of the ^c flag and suid &
>> > privilege dropping code.
>>
>> I hope you won't disable that any time soon (; This is very useful and the
>> user namespaces path doesn't seem to be a universal solution...
>>
>
> Okie, good to know. I'll try to fix up the patch so that it's an alternate
> path rather than a replacement, which can be used by default for kernels
> that support it. Maybe it can just spit out a warning if your kernel
> doesn't support it and not running in a chroot that you'll have .tup/mnt
> paths.
>
>
>
Alrighty, the 'unshare' branch has been updated. Can you give it a try
again and let me know how it works? I've tested it in my arch VM, both with
tup marked suid root and without, and it seems to work.

This changes the behavior of the ^c-flag and the default tup environment
slightly. Now if tup has the suid bit set, or if it has user namespaces
available, it will always mount the fuse filesystem in a new namespace so
that the sub-processes don't ever see the .tup/mnt directory, even if you
don't have the ^c flag set. So things like gcc with --coverage should work
out of the box.

However, if tup isn't suid and user namespaces aren't available, you'll see
a warning when running tup that you're running in a degraded mode:

tup warning: unshare(CLONE_NEWUSER) failed, and tup is not privileged.
Subprocesses will have '.tup/mnt' paths for the current working directory
and some dependencies may be missed.

Using the ^c flag means those commands will just fail outright if running
in this degraded mode. It no longer forces a chroot, since that shouldn't
change the output of the program anymore.

Let me know what you guys think!

(Also this branch doesn't work on OSX yet, but I'll obviously fix that
before merging to master).

-Mike
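
The mode selection described in the message above, as an added example that is not part of the original email and is not tup's own code: it probes for unprivileged user namespaces on Linux, falls back to suid root, and otherwise reports the degraded mode in which ^c commands fail. The names `mount_mode`, `userns_available`, `pick_mode` and `command_allowed`, and the order of the two checks, are assumptions.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER            /* Linux value, in case <sched.h> hides it */
#define CLONE_NEWUSER 0x10000000
#endif

enum mount_mode { MODE_USERNS, MODE_SUID, MODE_DEGRADED };

/* Probe in a forked child so the caller's own namespaces stay untouched. */
static int userns_available(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0)   /* child: exit status 0 only if the kernel allowed it */
        _exit(syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Assumed order: try user namespaces first, then fall back to suid root. */
static enum mount_mode pick_mode(int have_userns, int euid_is_root) {
    if (have_userns)
        return MODE_USERNS;
    return euid_is_root ? MODE_SUID : MODE_DEGRADED;
}

/* ^c commands fail outright in degraded mode; other commands still run. */
static int command_allowed(enum mount_mode mode, int caret_c) {
    return !(mode == MODE_DEGRADED && caret_c);
}

int main(void) {
    enum mount_mode m = pick_mode(userns_available(), geteuid() == 0);
    if (m == MODE_DEGRADED)
        fprintf(stderr, "degraded: subprocesses will see '.tup/mnt' paths\n");
    printf("mode=%d, ^c command allowed=%d\n", m, command_allowed(m, 1));
    return 0;
}
```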
