author | Roman Smrž <roman.smrz@seznam.cz> | 2021-08-03 22:07:44 +0200 |
---|---|---|
committer | Roman Smrž <roman.smrz@seznam.cz> | 2021-08-04 21:41:28 +0200 |
commit | bb9d723d3336e2f64beb04ac777a0ea45873f818 (patch) | |
tree | 987907de82c08f03ef872750c04d9328894da206 /src/Wrapper.hs | |
parent | 640096d8f2735701d804abd599fa93e6a8f73316 (diff) |
Network and process init with unsharing wrapper
Diffstat (limited to 'src/Wrapper.hs')
-rw-r--r-- | src/Wrapper.hs | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/Wrapper.hs b/src/Wrapper.hs
new file mode 100644
index 0000000..c97d242
--- /dev/null
+++ b/src/Wrapper.hs
@@ -0,0 +1,25 @@
+module Main where
+
+import System.Environment
+import System.FilePath
+import System.Linux.Namespaces
+import System.Posix.Process
+import System.Posix.User
+import System.Process
+
+main :: IO ()
+main = do
+ -- we must get uid/gid before unshare
+ uid <- getEffectiveUserID
+ gid <- getEffectiveGroupID
+
+ unshare [User, Network, Mount]
+ writeUserMappings Nothing [UserMapping 0 uid 1]
+ writeGroupMappings Nothing [GroupMapping 0 gid 1] True
+
+ -- needed for creating /run/netns
+ callCommand "mount -t tmpfs tmpfs /run"
+
+ path <- getExecutablePath
+ args <- getArgs
+ executeFile (takeDirectory path </> "../../../erebos-tester-core/build/erebos-tester-core/erebos-tester-core") False args Nothing |
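Review bot: `callCommand "mount -t tmpfs tmpfs /run"` goes through `sh -c` and resolves `mount` from the inherited `PATH`, at a point where the process is already mapped to uid 0 inside the new user namespace. The command string is constant, so nothing can be injected, but the shell adds nothing here; `callProcess "mount" ["-t", "tmpfs", "tmpfs", "/run"]` runs the tool directly and still raises an exception on a non-zero exit. The process keeps only the calling user's privileges on the host, so this is hardening rather than a fix for an exploitable flaw. Separately, the bare `True` passed to `writeGroupMappings` deserves a comment saying what it controls; it appears to be the flag that denies `setgroups` before the gid map is written, which should be confirmed against the linux-namespaces documentation.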