Network and process init with unsharing wrapper

author: Roman Smrž <roman.smrz@seznam.cz> 2021-08-03 22:07:44 +0200
committer: Roman Smrž <roman.smrz@seznam.cz> 2021-08-04 21:41:28 +0200
commit: bb9d723d3336e2f64beb04ac777a0ea45873f818 (patch)
tree: 987907de82c08f03ef872750c04d9328894da206 /src/Wrapper.hs
parent: 640096d8f2735701d804abd599fa93e6a8f73316 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/src/Wrapper.hs b/src/Wrapper.hs
new file mode 100644
index 0000000..c97d242
--- /dev/null
+++ b/src/Wrapper.hs
@@ -0,0 +1,25 @@
+module Main where
+
+import System.Environment
+import System.FilePath
+import System.Linux.Namespaces
+import System.Posix.Process
+import System.Posix.User
+import System.Process
+
+main :: IO ()
+main = do
+    -- we must get uid/gid before unshare
+    uid <- getEffectiveUserID
+    gid <- getEffectiveGroupID
+
+    unshare [User, Network, Mount]
+    writeUserMappings Nothing [UserMapping 0 uid 1]
+    writeGroupMappings Nothing [GroupMapping 0 gid 1] True
+
+    -- needed for creating /run/netns
+    callCommand "mount -t tmpfs tmpfs /run"
+
+    path <- getExecutablePath
+    args <- getArgs
+    executeFile (takeDirectory path </> "../../../erebos-tester-core/build/erebos-tester-core/erebos-tester-core") False args Nothing
author	Roman Smrž <roman.smrz@seznam.cz>	2021-08-03 22:07:44 +0200
committer	Roman Smrž <roman.smrz@seznam.cz>	2021-08-04 21:41:28 +0200
commit	bb9d723d3336e2f64beb04ac777a0ea45873f818 (patch)
tree	987907de82c08f03ef872750c04d9328894da206 /src/Wrapper.hs
parent	640096d8f2735701d804abd599fa93e6a8f73316 (diff)