From bb9d723d3336e2f64beb04ac777a0ea45873f818 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Smr=C5=BE?=
Date: Tue, 3 Aug 2021 22:07:44 +0200
Subject: Network and process init with unsharing wrapper
---
src/Wrapper.hs | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 src/Wrapper.hs
(limited to 'src/Wrapper.hs')
diff --git a/src/Wrapper.hs b/src/Wrapper.hs
new file mode 100644
index 0000000..c97d242
--- /dev/null
+++ b/src/Wrapper.hs
@@ -0,0 +1,25 @@
+module Main where
+
+import System.Environment
+import System.FilePath
+import System.Linux.Namespaces
+import System.Posix.Process
+import System.Posix.User
+import System.Process
+
+main :: IO ()
+main = do
+ -- we must get uid/gid before unshare
+ uid <- getEffectiveUserID
+ gid <- getEffectiveGroupID
+
+ unshare [User, Network, Mount]
+ writeUserMappings Nothing [UserMapping 0 uid 1]
+ writeGroupMappings Nothing [GroupMapping 0 gid 1] True
+
+ -- needed for creating /run/netns
+ callCommand "mount -t tmpfs tmpfs /run"
+
+ path <- getExecutablePath
+ args <- getArgs
+ executeFile (takeDirectory path "../../../erebos-tester-core/build/erebos-tester-core/erebos-tester-core") False args Nothing
-- 
cgit v1.2.3
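Review bot: The tmpfs mount goes through `callCommand`, which hands the string to a shell and resolves `mount` via the inherited `PATH`, right after the process has been mapped to uid 0 inside the new user namespace; `callProcess "mount" ["-t", "tmpfs", "tmpfs", "/run"]` does the same without a shell. The `executeFile` target is built from `getExecutablePath` plus a fixed `../../../erebos-tester-core/...` suffix, so the wrapper will exec whatever sits at that relative location if it is copied out of the build tree; a comment such as `-- assumes the build-tree layout; the core binary is resolved relative to this wrapper` would make that assumption explicit. As rendered on this page the `</>` between `takeDirectory path` and the string literal is absent, which is presumably an extraction artifact rather than the committed code. The trailing `True` on `writeGroupMappings` would also read better with a short comment; it appears to be the flag that denies `setgroups`, which an unprivileged gid mapping requires.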