Add "privileged container" mode to sandbox.c (JuliaPackaging#132)
* Add "privileged container" mode to `sandbox.c`

On some Linux kernels, mounting overlay filesystems within user
namespaces is broken, see [0] for an Ubuntu issue tracking this and
their patch to fix it. To work around this, we allow the user to enable
running the sandbox through `sudo`, which adds another path through the
already convoluted `sandbox.c`.  After a thorough reorganization of
`sandbox.c`, we now have three well-defined execution modes (init,
unprivileged and privileged) and a `sandbox` that can either mount
overlay filesystems as root within a user namespace, or can mount
overlay filesystems as root outside of a user namespace, then enter the
user namespace.

[0] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1531747

* Bump rootfs version

* Quash some small bugs
staticfloat authored Feb 3, 2018
1 parent 4c98bc6 commit 397ba66
Showing 12 changed files with 486 additions and 231 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -2,3 +2,4 @@
*.jl.*.cov
*.jl.mem
global_prefix
.vscode/
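
Review bot: The `.vscode/` entry at the end of this `.gitignore` hunk is an editor-specific ignore that has nothing to do with the privileged sandbox mode the commit message describes. For a change that touches how the sandbox gains root, it helps reviewers if the diff contains only sandbox-related edits; consider moving this line to its own commit or to a personal global ignore file (`core.excludesFile`).
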
3 changes: 2 additions & 1 deletion .travis.yml
Expand Up @@ -23,7 +23,8 @@ env:
matrix:
- BINARYBUILDER_USE_SQUASHFS=true
- BINARYBUILDER_USE_SQUASHFS=false

- BINARYBUILDER_RUNNER=privileged

cache:
directories:
- deps/downloads
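
Review bot: The new `- BINARYBUILDER_RUNNER=privileged` entry under `matrix:` sets only the runner, so the privileged path is tested with whatever default `BINARYBUILDER_USE_SQUASHFS` takes, and the two existing entries never name a runner at all. Consider spelling out the combinations, for example `- BINARYBUILDER_RUNNER=privileged BINARYBUILDER_USE_SQUASHFS=true` plus its `false` counterpart, so both rootfs formats are covered in privileged mode. The commit message says this mode runs the sandbox through `sudo`, and the visible lines do not show whether the Travis job is granted it; a short comment here, or a check in the test suite that the privileged runner was really selected, would make that dependency explicit.
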