[baker-baker] sandbox compile
T. Onoma
transami at runbox.com
Thu Dec 11 19:41:48 EST 2003
Here is chroot as given in rubyx. There are a couple of things I'm wondering
about it. A) proc is mounted B) nearly all ENV variables are deleted and then
reconstructed from /etc/enviornment (albiet my evironment file is empty) and
C) it is all run in a separate process. Are these neccessary?
def chroot(dir)
User.asroot {
raise "mount proc failed" unless system("mount -n -t proc proc
"+path(dir,'proc'))
begin
trap('INT','IGNORE')
pid = Process.fork {
begin
dir.cd #MUST cd before chroot - see Dir.chroot docs
Dir.chroot(dir)
#Reset the rubyx UID/GID which may be different here
User.set($users['rubyx'],$groups['users'])
$root = '/'
#ENV.delete_if { |key,val| key!='TERM' }
'/etc/environment'.fread.each { |v| v =~ /export (.*)=(.*)/;
ENV[$1]=$2 }
ENV['HOME'] = '/home/root'
yield
rescue Exception
puts $!
end
}
Process.waitpid(pid)
ensure
system('umount -ln '+path(dir,'proc'))
trap('INT','DEFAULT')
end
}
end
--
T.
More information about the Baker-baker
mailing list