From b2ba7f9d5bf2f818989f1e55880b1873b3136861 Mon Sep 17 00:00:00 2001
From: Filippo Squillace
Date: Mon, 18 Sep 2017 13:45:33 +0200
Subject: [PATCH 1/3] Issue #197: Differences between JuNest and other systems
---
 README.md | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index d5b7cc5..f462dea 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 JuNest
 ======
-The Arch Linux based distro that runs upon any Linux distros without root access.
+The lightweight Arch Linux based distro that runs upon any Linux distros without root access.

Date: Mon, 18 Sep 2017 13:48:34 +0200
Subject: [PATCH 2/3] Issue #195: Check presence of nested env first
---
 lib/core/chroot.sh | 6 ++++--
 lib/core/namespace.sh | 4 ++--
 lib/core/proot.sh | 5 ++++-
 tests/unit-tests/test-chroot.sh | 12 ++++++++++++
 tests/unit-tests/test-common.sh | 1 -
 tests/unit-tests/test-namespace.sh | 6 ++++++
 tests/unit-tests/test-proot.sh | 12 ++++++++++++
 7 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/lib/core/chroot.sh b/lib/core/chroot.sh
index 9a104aa..731739a 100644
--- a/lib/core/chroot.sh
+++ b/lib/core/chroot.sh
@@ -28,8 +28,6 @@ function _run_env_as_xroot(){
 copy_common_files
- check_nested_env
-
 JUNEST_ENV=1 $cmd $backend_args "$JUNEST_HOME" "${SH[@]}" "-c" "${main_cmd}"
 }
@@ -52,6 +50,8 @@ function _run_env_as_xroot(){
 # - : The command output.
 #######################################
 function run_env_as_groot(){
+ check_nested_env
+
 local backend_args="$1"
 shift
@@ -81,6 +81,8 @@ function run_env_as_groot(){
 # - : The command output.
 #######################################
 function run_env_as_chroot(){
+ check_nested_env
+
 local backend_args="$1"
 shift
diff --git a/lib/core/namespace.sh b/lib/core/namespace.sh
index f472a4c..6acd21d 100644
--- a/lib/core/namespace.sh
+++ b/lib/core/namespace.sh
@@ -46,8 +46,6 @@ function _run_env_with_namespace(){
 local backend_args="$1"
 shift
- check_nested_env
-
 provide_common_bindings
 local bindings=${RESULT}
 unset RESULT
@@ -82,6 +80,8 @@ function _run_env_with_namespace(){
 # - : The command output.
 #######################################
 function run_env_with_namespace() {
+ check_nested_env
+
 local backend_args="$1"
 shift
 _check_user_namespace
diff --git a/lib/core/proot.sh b/lib/core/proot.sh
index f678d9d..21f8a01 100644
--- a/lib/core/proot.sh
+++ b/lib/core/proot.sh
@@ -12,7 +12,6 @@ function _run_env_with_proot(){
 local proot_args="$1"
 shift
- check_nested_env
 if [ "$1" != "" ]
 then
 JUNEST_ENV=1 proot_cmd "${proot_args}" "${SH[@]}" "-c" "$(insert_quotes_on_spaces "${@}")"
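Review bot: With the guard moved out of `_run_env_as_xroot` and into `run_env_as_groot`, the private helper no longer refuses to start inside an existing JuNest session on its own, and nothing in the hunk records that callers are now responsible for the check. The same holds for `run_env_as_chroot` in this file and for `_run_env_with_namespace` and `_run_env_with_proot` in the namespace.sh and proot.sh hunks. I would add a line to each helper's header such as `# Callers must run check_nested_env before invoking this helper.` and mention the nested-environment failure in the header block of each public function, which starts outside the hunk. check_nested_env itself is not part of this diff; judging by the new tests it keys on the JUNEST_ENV variable, so it presumably guards against accidental nesting rather than acting as an enforcement boundary.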
@@ -60,6 +59,8 @@ function _run_env_with_qemu(){
 function run_env_as_fakeroot(){
 (( EUID == 0 )) && \
 die_on_status $ROOT_ACCESS_ERROR "You cannot access with root privileges. Use --groot option instead."
+ check_nested_env
+
 local backend_args="$1"
 shift
@@ -93,6 +94,8 @@ function run_env_as_fakeroot(){
 function run_env_as_user(){
 (( EUID == 0 )) && \
 die_on_status $ROOT_ACCESS_ERROR "You cannot access with root privileges. Use --groot option instead."
+ check_nested_env
+
 local backend_args="$1"
 shift
diff --git a/tests/unit-tests/test-chroot.sh b/tests/unit-tests/test-chroot.sh
index aa491e5..7102dd5 100755
--- a/tests/unit-tests/test-chroot.sh
+++ b/tests/unit-tests/test-chroot.sh
@@ -44,6 +44,12 @@ function test_run_env_as_groot_no_cmd(){
 assertEquals "chroot_cmd -b $HOME -b /tmp -b /proc -b /sys -b /dev $JUNEST_HOME /bin/sh --login -c /bin/sh --login" "$(cat $STDOUTF)"
 }
+function test_run_env_as_groot_nested_env(){
+ JUNEST_ENV=1
+ assertCommandFailOnStatus 106 run_env_as_groot ""
+ unset JUNEST_ENV
+}
+
 function test_run_env_as_groot_cmd_with_backend_args(){
 assertCommandSuccess run_env_as_groot "-n -b /home/blah" pwd
 assertEquals "chroot_cmd -b $HOME -b /tmp -b /proc -b /sys -b /dev -n -b /home/blah $JUNEST_HOME /bin/sh --login -c pwd" "$(cat $STDOUTF)"
@@ -59,6 +65,12 @@ function test_run_env_as_chroot_no_cmd(){
 assertEquals "chroot_cmd $JUNEST_HOME /bin/sh --login -c /bin/sh --login" "$(cat $STDOUTF)"
 }
+function test_run_env_as_choot_nested_env(){
+ JUNEST_ENV=1
+ assertCommandFailOnStatus 106 run_env_as_chroot ""
+ unset JUNEST_ENV
+}
+
 function test_run_env_as_chroot_cmd_with_backend_args(){
 assertCommandSuccess run_env_as_chroot "-n -b /home/blah" pwd
 assertEquals "chroot_cmd -n -b /home/blah $JUNEST_HOME /bin/sh --login -c pwd" "$(cat $STDOUTF)"
diff --git a/tests/unit-tests/test-common.sh b/tests/unit-tests/test-common.sh
index cfa3475..dfff6f4 100755
--- a/tests/unit-tests/test-common.sh
+++ b/tests/unit-tests/test-common.sh
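Review bot: In `run_env_as_fakeroot` the new `check_nested_env` call runs after the `(( EUID == 0 ))` test, so a root shell inside a nested session is rejected with the root-access message rather than the nested-environment one, whereas chroot.sh and namespace.sh put the guard on the first line of the function. `run_env_as_user` in the next hunk has the same ordering. Since the commit title says the nested check comes first, either move `check_nested_env` above the `(( EUID == 0 )) && \` line or state the intended precedence in a comment. Both function bodies continue past their hunks.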
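Review bot: The second test added to test-chroot.sh is named `test_run_env_as_choot_nested_env`; it should read `test_run_env_as_chroot_nested_env` to match the function it exercises. All the new nested-env tests, here and in test-namespace.sh and test-proot.sh, hard-code the status `106`, while proot.sh refers to its own status by name (`$ROOT_ACCESS_ERROR`); if check_nested_env exits with a named constant, using it would keep the tests in step with the library. Each test also sets `JUNEST_ENV=1` in the shared shell and relies on the trailing `unset JUNEST_ENV`, so an early exit would leave it set for later tests; clearing it in a shunit2 `tearDown` would be more robust.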
@@ -164,7 +164,6 @@ function test_proot_cmd_seccomp(){
 env | grep "^PROOT_NO_SECCOMP"
 }
 PROOT=envv
- local output=$(proot_cmd | grep "^PROOT_NO_SECCOMP")
 assertCommandSuccess proot_cmd cmd
 # The variable PROOT_NO_SECCOMP will be produced
 # twice due to the fallback mechanism
diff --git a/tests/unit-tests/test-namespace.sh b/tests/unit-tests/test-namespace.sh
index 811cfef..c4e0f8d 100755
--- a/tests/unit-tests/test-namespace.sh
+++ b/tests/unit-tests/test-namespace.sh
@@ -110,4 +110,10 @@ function test_run_env_with_namespace_with_bindings_and_command() {
 _test_copy_remaining_files
 }
+function test_run_env_with_namespace_nested_env(){
+ JUNEST_ENV=1
+ assertCommandFailOnStatus 106 run_env_with_namespace ""
+ unset JUNEST_ENV
+}
+
 source $JUNEST_ROOT/tests/utils/shunit2
diff --git a/tests/unit-tests/test-proot.sh b/tests/unit-tests/test-proot.sh
index 6640035..cb2d35c 100755
--- a/tests/unit-tests/test-proot.sh
+++ b/tests/unit-tests/test-proot.sh
@@ -62,6 +62,12 @@ function test_run_env_as_user(){
 _test_copy_remaining_files
 }
+function test_run_env_as_user_nested_env(){
+ JUNEST_ENV=1
+ assertCommandFailOnStatus 106 run_env_as_user ""
+ unset JUNEST_ENV
+}
+
 function test_run_env_as_fakeroot(){
 _run_env_with_qemu() {
 echo $@
@@ -76,6 +82,12 @@ function test_run_env_as_fakeroot(){
 _test_copy_common_files
 }
+function test_run_env_as_fakeroot_nested_env(){
+ JUNEST_ENV=1
+ assertCommandFailOnStatus 106 run_env_as_fakeroot ""
+ unset JUNEST_ENV
+}
+
 function test_run_env_with_quotes(){
 _run_env_with_qemu() {
 echo $@
From d858d577c86e654cd4b5e43638c3eb68dd273d7c Mon Sep 17 00:00:00 2001
From: Filippo Squillace
Date: Mon, 18 Sep 2017 14:56:16 +0200
Subject: [PATCH 3/3] Fix checks for updating Arch Linux keyrings
---
 README.md | 4 ++--
 lib/checks/check.sh | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f462dea..4d888a6 100644
--- a/README.md
+++ b/README.md
@@ -46,13 +46,13 @@ The main advantages on using JuNest are:
 JuNest follows the [Arch Linux philosophy](https://wiki.archlinux.org/index.php/The_Arch_Way).
-How different JuNest is from Docker and Vagrant?
+How different is JuNest from Docker and Vagrant?
 ------------------------------------------------
 Although JuNest sounds similar to a virtualisation/Linux container -like system, JuNest differentiate a lot between Docker and Vagrant. In fact, the purpose of JuNest is **not** to build a complete isolated environment but, conversely, is the ability to run
-programs as they are running natively from the host OS. Almost everything is shared
+programs as they were running natively from the host OS. Almost everything is shared
 between host OS and the JuNest sandbox (kernel, process subtree, network, mounting, etc) and only the root filesystem gets isolated (as the programs installed in JuNest need to reside elsewhere).
diff --git a/lib/checks/check.sh b/lib/checks/check.sh
index 7f38937..e361913 100755
--- a/lib/checks/check.sh
+++ b/lib/checks/check.sh
@@ -32,7 +32,11 @@ info "Validating JuNest located in ${JUNEST_HOME}..."
 info "Initial JuNest setup..."
 echo "Server = ${DEFAULT_MIRROR}" >> /etc/pacman.d/mirrorlist
-pacman --noconfirm -Syyu
+pacman --noconfirm -Syy
+pacman --noconfirm -S archlinux-keyring
+pacman-key --init
+pacman-key --populate archlinux
+pacman --noconfirm -Su
 pacman --noconfirm -S grep coreutils
 pacman --noconfirm -S $(pacman -Sg base-devel | cut -d ' ' -f 2 | grep -v sudo)
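Review bot: In the check.sh hunk, `pacman --noconfirm -S archlinux-keyring` runs before `pacman-key --init`, so the keyring package is fetched and verified against whatever keyring state the image already has, and none of the five new commands has its exit status checked in the visible lines. If a keyring step fails, the script appears to carry on to `pacman --noconfirm -Su` with the trust data this commit presumably means to refresh, unless `set -e` is enabled above the hunk. Consider moving `pacman-key --init` ahead of the `-S archlinux-keyring` line and stopping on failure, for example by appending `|| exit 1` to each keyring command. A one-line comment such as `# Refresh the keyring before the full upgrade so packages are verified against current keys` would also tell the next reader why `-Syyu` was split.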