Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / chromite / e759b23e84576230f207906d08552640119d6533^! / . / scripts / cros_sdk.py
commite759b23e84576230f207906d08552640119d6533[log] [tgz]
authorJosh Triplett <josh@joshtriplett.org>Fri Mar 08 13:03:43 2013 -0800
committerChromeBot <chrome-bot@google.com>Wed Mar 13 14:54:11 2013 -0700
tree221df3aca7096666203d8f860a8c8658c8a31bfa
parent4f91515030ea315bebc044f7aa016940630e22a6 [diff] [blame]
cros_sdk: Call unshare directly rather than execing the util-linux unshare

cros_sdk re-execs itself using the unshare binary from util-linux to
create a new mount namespace, and uses a magic environment variable to
tell whether it has done so already.  Simplify this by using the unshare
system call directly, via Python's ctypes module.  (The unshare system
call will necessarily exist on any system where the unshare binary would
work.)

Unlike re-execing, calling unshare directly preserves the current state
of the process.  This allows eliminating the magic environment variable,
and will also simplify future additions of further namespace isolation.

Commit by Josh Triplett <josh@joshtriplett.org> and
Anton Cherkashyn <mail@antonc.com>

BUG=None
TEST=cros_sdk --enter

Change-Id: Ic98888be45e35efb9c77ed0828a61a441b16aba3
Reviewed-on: https://gerrit.chromium.org/gerrit/44963
Tested-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David James <davidjames@chromium.org>
Tested-by: David James <davidjames@chromium.org>
Commit-Queue: Josh Triplett <josh@joshtriplett.org>

diff --git a/scripts/cros_sdk.py b/scripts/cros_sdk.py
index 93101d1..28a2f45 100644
--- a/scripts/cros_sdk.py
+++ b/scripts/cros_sdk.py

@@ -15,6 +15,7 @@
 from chromite.lib import commandline
 from chromite.lib import cros_build_lib
 from chromite.lib import locking
+from chromite.lib import namespaces
 from chromite.lib import osutils
 from chromite.lib import toolchain
 
@@ -30,7 +31,7 @@
                              'src/scripts/sdk_lib/enter_chroot.sh')]
 
 # We need these tools to run. Very common tools (tar,..) are ommited.
-NEEDED_TOOLS = ('curl', 'xz', 'unshare')
+NEEDED_TOOLS = ('curl', 'xz')
 
 
 def GetArchStageTarballs(version):
@@ -190,16 +191,12 @@
   Also unshare the mount namespace so as to ensure that processes outside
   the chroot can't mess with our mounts.
   """
-  MAGIC_VAR = '%CROS_SDK_MOUNT_NS'
   if os.geteuid() != 0:
     cmd = _SudoCommand() + ['--'] + argv
     os.execvp(cmd[0], cmd)
-  elif os.environ.get(MAGIC_VAR, '0') == '0':
-    cgroups.Cgroup.InitSystem()
-    os.environ[MAGIC_VAR] = '1'
-    os.execvp('unshare', ['unshare', '-m', '--'] + argv)
   else:
-    os.environ.pop(MAGIC_VAR)
+    cgroups.Cgroup.InitSystem()
+    namespaces.Unshare(namespaces.CLONE_NEWNS)
 
 
 def main(argv):