Merge pull request #200 from fsquillace/docs_and_nested_envs

Docs and nested envs
2026-01-23 02:34:30 +00:00 · 2017-09-18 17:02:06 +02:00 · 2017-09-18 17:02:06 +02:00 · 0d7468b516
commit 0d7468b516
parent 4b6fd63cf8 d858d577c8
9 changed files with 63 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 JuNest
 ======
-The Arch Linux based distro that runs upon any Linux distros without root access.
+The lightweight Arch Linux based distro that runs upon any Linux distros without root access.

 <h1 align="center">
    <a href="https://github.com/fsquillace/junest"><img
@ -32,13 +32,13 @@ an isolated GNU/Linux environment inside any generic host GNU/Linux OS
 and without the need to have root privileges for installing packages.

 JuNest contains mainly the package managers (called [pacman](https://wiki.archlinux.org/index.php/Pacman)
-and a simple wrapper of [yaourt](https://wiki.archlinux.org/index.php/Yaourt) called yogurt) that allows to access
+and a simple [yaourt](https://wiki.archlinux.org/index.php/Yaourt) wrapper called yogurt) that allows to access
 to a wide range of packages from the Arch Linux repositories.

 The main advantages on using JuNest are:

 - Install packages without root privileges.
- Isolated environment in which you can install packages without affecting a production system.
+- Partial isolated environment which you can install packages without affecting a production system.
 - Access to a wide range of packages in particular on GNU/Linux distros that may contain limited repositories (such as CentOS and RedHat).
 - Available for x86\_64, x86 and ARM architectures but you can build your own image from scratch too!
 - Run on a different architecture from the host OS via QEMU
@ -46,6 +46,21 @@ The main advantages on using JuNest are:

 JuNest follows the [Arch Linux philosophy](https://wiki.archlinux.org/index.php/The_Arch_Way).

+How different is JuNest from Docker and Vagrant?
+------------------------------------------------
+Although JuNest sounds similar to a virtualisation/Linux container -like system,
+JuNest differentiate a lot between Docker and Vagrant.
+In fact, the purpose of JuNest is **not** to
+build a complete isolated environment but, conversely, is the ability to run
+programs as they were running natively from the host OS. Almost everything is shared
+between host OS and the JuNest sandbox (kernel, process subtree, network, mounting, etc)
+and only the root filesystem gets isolated
+(as the programs installed in JuNest need to reside elsewhere).
+
+This allows interaction between processes belonging to both host OS and JuNest.
+For instance, you can install `top` command in JuNest in order to monitor
+any processes belonging to the host OS.
+
 Quickstart
 ==========
 The basic way to run JuNest is via the [Proot](https://wiki.archlinux.org/index.php/Proot) as the backend program:
--- a/lib/checks/check.sh
+++ b/lib/checks/check.sh
@ -32,7 +32,11 @@ info "Validating JuNest located in ${JUNEST_HOME}..."

 info "Initial JuNest setup..."
 echo "Server = ${DEFAULT_MIRROR}" >> /etc/pacman.d/mirrorlist
-pacman --noconfirm -Syyu
+pacman --noconfirm -Syy
+pacman --noconfirm -S archlinux-keyring
+pacman-key --init
+pacman-key --populate archlinux
+pacman --noconfirm -Su
 pacman --noconfirm -S grep coreutils
 pacman --noconfirm -S $(pacman -Sg base-devel | cut -d ' ' -f 2 | grep -v sudo)

--- a/lib/core/chroot.sh
+++ b/lib/core/chroot.sh
@ -28,8 +28,6 @@ function _run_env_as_xroot(){

    copy_common_files

-    check_nested_env
-
    JUNEST_ENV=1 $cmd $backend_args "$JUNEST_HOME" "${SH[@]}" "-c" "${main_cmd}"
 }

@ -52,6 +50,8 @@ function _run_env_as_xroot(){
 #   -                        : The command output.
 #######################################
 function run_env_as_groot(){
+    check_nested_env
+
    local backend_args="$1"
    shift

@ -81,6 +81,8 @@ function run_env_as_groot(){
 #   -                        : The command output.
 #######################################
 function run_env_as_chroot(){
+    check_nested_env
+
    local backend_args="$1"
    shift

--- a/lib/core/namespace.sh
+++ b/lib/core/namespace.sh
@ -46,8 +46,6 @@ function _run_env_with_namespace(){
    local backend_args="$1"
    shift

-    check_nested_env
-
    provide_common_bindings
    local bindings=${RESULT}
    unset RESULT
@ -82,6 +80,8 @@ function _run_env_with_namespace(){
 #   -                        : The command output.
 #######################################
 function run_env_with_namespace() {
+    check_nested_env
+
    local backend_args="$1"
    shift
    _check_user_namespace
--- a/lib/core/proot.sh
+++ b/lib/core/proot.sh
@ -12,7 +12,6 @@ function _run_env_with_proot(){
    local proot_args="$1"
    shift

-    check_nested_env
    if [ "$1" != "" ]
    then
        JUNEST_ENV=1 proot_cmd "${proot_args}" "${SH[@]}" "-c" "$(insert_quotes_on_spaces "${@}")"
@ -60,6 +59,8 @@ function _run_env_with_qemu(){
 function run_env_as_fakeroot(){
    (( EUID == 0 )) && \
        die_on_status $ROOT_ACCESS_ERROR "You cannot access with root privileges. Use --groot option instead."
+    check_nested_env
+
    local backend_args="$1"
    shift

@ -93,6 +94,8 @@ function run_env_as_fakeroot(){
 function run_env_as_user(){
    (( EUID == 0 )) && \
        die_on_status $ROOT_ACCESS_ERROR "You cannot access with root privileges. Use --groot option instead."
+    check_nested_env
+
    local backend_args="$1"
    shift

--- a/tests/unit-tests/test-chroot.sh
+++ b/tests/unit-tests/test-chroot.sh
@ -44,6 +44,12 @@ function test_run_env_as_groot_no_cmd(){
    assertEquals "chroot_cmd -b $HOME -b /tmp -b /proc -b /sys -b /dev $JUNEST_HOME /bin/sh --login -c /bin/sh --login" "$(cat $STDOUTF)"
 }

+function test_run_env_as_groot_nested_env(){
+    JUNEST_ENV=1
+    assertCommandFailOnStatus 106 run_env_as_groot ""
+    unset JUNEST_ENV
+}
+
 function test_run_env_as_groot_cmd_with_backend_args(){
    assertCommandSuccess run_env_as_groot "-n -b /home/blah" pwd
    assertEquals "chroot_cmd -b $HOME -b /tmp -b /proc -b /sys -b /dev -n -b /home/blah $JUNEST_HOME /bin/sh --login -c pwd" "$(cat $STDOUTF)"
@ -59,6 +65,12 @@ function test_run_env_as_chroot_no_cmd(){
    assertEquals "chroot_cmd $JUNEST_HOME /bin/sh --login -c /bin/sh --login" "$(cat $STDOUTF)"
 }

+function test_run_env_as_choot_nested_env(){
+    JUNEST_ENV=1
+    assertCommandFailOnStatus 106 run_env_as_chroot ""
+    unset JUNEST_ENV
+}
+
 function test_run_env_as_chroot_cmd_with_backend_args(){
    assertCommandSuccess run_env_as_chroot "-n -b /home/blah" pwd
    assertEquals "chroot_cmd -n -b /home/blah $JUNEST_HOME /bin/sh --login -c pwd" "$(cat $STDOUTF)"
--- a/tests/unit-tests/test-common.sh
+++ b/tests/unit-tests/test-common.sh
@ -164,7 +164,6 @@ function test_proot_cmd_seccomp(){
        env | grep "^PROOT_NO_SECCOMP"
    }
    PROOT=envv
-    local output=$(proot_cmd | grep "^PROOT_NO_SECCOMP")
    assertCommandSuccess proot_cmd cmd
    # The variable PROOT_NO_SECCOMP will be produced
    # twice due to the fallback mechanism
--- a/tests/unit-tests/test-namespace.sh
+++ b/tests/unit-tests/test-namespace.sh
@ -110,4 +110,10 @@ function test_run_env_with_namespace_with_bindings_and_command() {
    _test_copy_remaining_files
 }

+function test_run_env_with_namespace_nested_env(){
+    JUNEST_ENV=1
+    assertCommandFailOnStatus 106 run_env_with_namespace ""
+    unset JUNEST_ENV
+}
+
 source $JUNEST_ROOT/tests/utils/shunit2
--- a/tests/unit-tests/test-proot.sh
+++ b/tests/unit-tests/test-proot.sh
@ -62,6 +62,12 @@ function test_run_env_as_user(){
    _test_copy_remaining_files
 }

+function test_run_env_as_user_nested_env(){
+    JUNEST_ENV=1
+    assertCommandFailOnStatus 106 run_env_as_user ""
+    unset JUNEST_ENV
+}
+
 function test_run_env_as_fakeroot(){
    _run_env_with_qemu() {
        echo $@
@ -76,6 +82,12 @@ function test_run_env_as_fakeroot(){
    _test_copy_common_files
 }

+function test_run_env_as_fakeroot_nested_env(){
+    JUNEST_ENV=1
+    assertCommandFailOnStatus 106 run_env_as_fakeroot ""
+    unset JUNEST_ENV
+}
+
 function test_run_env_with_quotes(){
    _run_env_with_qemu() {
        echo $@