diff --git a/README.md b/README.md index 48337a6..29d9df5 100644 --- a/README.md +++ b/README.md @@ -144,6 +144,9 @@ first: ```sh pacman -Sy --ignore sudo base-devel +:: sudo is in IgnorePkg/IgnoreGroup. Install anyway? [Y/n] n +... +... ``` JuNest uses a modified version of `sudo`. That's why the original `sudo` diff --git a/lib/core/namespace.sh b/lib/core/namespace.sh index 45c7c09..c80b80d 100644 --- a/lib/core/namespace.sh +++ b/lib/core/namespace.sh @@ -10,6 +10,7 @@ # # vim: ft=sh +COMMON_BWRAP_OPTION="--bind "$JUNEST_HOME" / --bind "$HOME" "$HOME" --bind /tmp /tmp --bind /sys /sys --bind /proc /proc --dev-bind-try /dev /dev --unshare-user-try" CONFIG_PROC_FILE="/proc/config.gz" CONFIG_BOOT_FILE="/boot/config-$($UNAME -r)" PROC_USERNS_CLONE_FILE="/proc/sys/kernel/unprivileged_userns_clone" @@ -94,7 +95,7 @@ function run_env_as_bwrap_fakeroot(){ local args=() [[ "$1" != "" ]] && args=("-c" "$(insert_quotes_on_spaces "${@}")") - JUNEST_ENV=1 "$backend_command" --bind "$JUNEST_HOME" / --bind "$HOME" "$HOME" --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 $backend_args sudo "${DEFAULT_SH[@]}" "${args[@]}" + JUNEST_ENV=1 "$backend_command" $COMMON_BWRAP_OPTION --uid 0 --gid 0 $backend_args sudo "${DEFAULT_SH[@]}" "${args[@]}" } @@ -141,7 +142,7 @@ function run_env_as_bwrap_user() { local args=() [[ "$1" != "" ]] && args=("-c" "$(insert_quotes_on_spaces "${@}")") - JUNEST_ENV=1 "$backend_command" --bind "$JUNEST_HOME" / --bind "$HOME" "$HOME" --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try $backend_args "${DEFAULT_SH[@]}" "${args[@]}" + JUNEST_ENV=1 "$backend_command" $COMMON_BWRAP_OPTION $backend_args "${DEFAULT_SH[@]}" "${args[@]}" } diff --git a/tests/unit-tests/test-namespace.sh b/tests/unit-tests/test-namespace.sh index e24311f..d2cafd9 100755 --- a/tests/unit-tests/test-namespace.sh +++ b/tests/unit-tests/test-namespace.sh @@ -104,21 +104,21 @@ function test_is_user_namespace_enabled_with_userns_clone_file_enabled(){ function test_run_env_as_bwrap_fakeroot() { assertCommandSuccess run_env_as_bwrap_fakeroot "" "" "false" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files } function test_run_env_as_bwrap_fakeroot_with_backend_command() { assertCommandSuccess run_env_as_bwrap_fakeroot "mybwrap" "" "false" - assertEquals "mybwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "mybwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files } function test_run_env_as_bwrap_user() { assertCommandSuccess run_env_as_bwrap_user "" "" "false" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files _test_copy_remaining_files @@ -126,7 +126,7 @@ function test_run_env_as_bwrap_user() { function test_run_env_as_bwrap_user_with_backend_command() { assertCommandSuccess run_env_as_bwrap_user "mybwrap" "" "false" - assertEquals "mybwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "mybwrap $COMMON_BWRAP_OPTION /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files _test_copy_remaining_files @@ -134,7 +134,7 @@ function test_run_env_as_bwrap_user_with_backend_command() { function test_run_env_as_bwrap_fakeroot_no_copy() { assertCommandSuccess run_env_as_bwrap_fakeroot "" "" "true" "" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 sudo /bin/sh --login" "$(cat $STDOUTF)" [[ ! -e ${JUNEST_HOME}/etc/hosts ]] assertEquals 0 $? @@ -160,7 +160,7 @@ function test_run_env_as_bwrap_fakeroot_no_copy() { function test_run_env_as_bwrap_user_no_copy() { assertCommandSuccess run_env_as_bwrap_user "" "" "true" "" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION /bin/sh --login" "$(cat $STDOUTF)" [[ ! -e ${JUNEST_HOME}/etc/hosts ]] assertEquals 0 $? @@ -186,14 +186,14 @@ function test_run_env_as_bwrap_user_no_copy() { function test_run_env_as_bwrap_fakeroot_with_backend_args() { assertCommandSuccess run_env_as_bwrap_fakeroot "" "--bind /usr /usr" "false" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 --bind /usr /usr sudo /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 --bind /usr /usr sudo /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files } function test_run_env_as_bwrap_user_with_backend_args() { assertCommandSuccess run_env_as_bwrap_user "" "--bind /usr /usr" "false" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --bind /usr /usr /bin/sh --login" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --bind /usr /usr /bin/sh --login" "$(cat $STDOUTF)" _test_copy_common_files _test_copy_remaining_files @@ -201,14 +201,14 @@ function test_run_env_as_bwrap_user_with_backend_args() { function test_run_env_as_bwrap_fakeroot_with_command() { assertCommandSuccess run_env_as_bwrap_fakeroot "" "" "false" "ls -la" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 sudo /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 sudo /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" _test_copy_common_files } function test_run_env_as_bwrap_user_with_command() { assertCommandSuccess run_env_as_bwrap_user "" "" "false" "ls -la" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" _test_copy_common_files _test_copy_remaining_files @@ -216,14 +216,14 @@ function test_run_env_as_bwrap_user_with_command() { function test_run_env_as_bwrap_fakeroot_with_backend_args_and_command() { assertCommandSuccess run_env_as_bwrap_fakeroot "" "--bind /usr /usr" "false" "ls -la" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --uid 0 --gid 0 --bind /usr /usr sudo /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --uid 0 --gid 0 --bind /usr /usr sudo /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" _test_copy_common_files } function test_run_env_as_bwrap_user_with_backend_args_and_command() { assertCommandSuccess run_env_as_bwrap_user "" "--bind /usr /usr" "false" "ls -la" - assertEquals "bwrap --bind $JUNEST_HOME / --bind $HOME $HOME --bind /tmp /tmp --proc /proc --dev /dev --unshare-user-try --bind /usr /usr /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" + assertEquals "bwrap $COMMON_BWRAP_OPTION --bind /usr /usr /bin/sh --login -c \"ls -la\"" "$(cat $STDOUTF)" _test_copy_common_files _test_copy_remaining_files