path: root/src/connection/chroot.lisp
* fix FSTAB:HAS-ENTRIES-FOR-OPENED-VOLUMES for FAT32 filesystems (Sean Whitton, 2022-06-24)

  The property should never have been calling SUBVOLUMES-OF-TYPE because opening volumes does not ever update the VOLUME-CONTENTS slot to contain OPENED-VOLUME values. The structure of the OPENED-VOLUMES connattr is that of a flat list.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename connattr :OPENED-VOLUMES -> DISK:OPENED-VOLUMES (Sean Whitton, 2022-04-28)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* convert *LINUX-{BASIC,EFIVARS}-VFS* -> +LINUX-{BASIC,EFIVARS}-VFS+ (Sean Whitton, 2022-04-16)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* drop plus signs & use underscores in C preprocessor constants (Sean Whitton, 2022-04-16)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* REHOME-CONNECTION: rename slot DATADIR -> REHOME-DATADIR (Sean Whitton, 2022-04-13)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename CONNECTION-TEARDOWN -> CONNECTION-TEAR-DOWN (Sean Whitton, 2022-04-02)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename *STANDARD-LINUX-VFS* -> *LINUX-BASIC-VFS* (Sean Whitton, 2022-04-01)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* replace ESCAPE-SH-TOKEN and ESCAPE-SH-COMMAND with new SH-ESCAPE (Sean Whitton, 2022-03-11)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add "local" and "remote" to the names of some exported symbols (Sean Whitton, 2022-03-09)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add LXC properties, :LXC{,-UNPRIV-ATTACH} connections, WITH-HOMEDIR (Sean Whitton, 2021-11-08)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add & propagate :NO-SERVICES connattr and respect in LIBVIRT:STARTED (Sean Whitton, 2021-10-29)

  This change was prompted by the realisation that RECONNECTS nullifies any enclosing SERVICE:WITHOUT-STARTING-SERVICES because *HOST* during RECONNECTS is a distinct HOST value, computed at hostattrs time, which can't be affected by an enclosing combinator that works by temporarily pushing hostattrs at :APPLY time. So, for example, if we chroot and subsequently establish a :SETUID connection, properties might try to start services as the non-root user and there is no way for them to know they shouldn't. We can avoid this problem by using a connattr instead because we have a mechanism for propagating connattrs to subsequently established connections. And as in most cases the reason for not starting services is solely due to the way in which we're connecting to the host, a connattr is more appropriate.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* rename :XDG-CACHE-HOME connattr to :XDG_CACHE_HOME (Sean Whitton, 2021-10-23)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* :CHROOT.FORK: unshare mount namespace before making temporary mounts (Sean Whitton, 2021-10-23)

  This avoids some cases of interference between the deployment of the chroot and other system activity. For example, before this change, the :ALWAYS-DEPLOYS option to LIBVIRT:KVM-BOOTS-CHROOT{,-FOR} could interact with Virtiofs in such a way as to break the running VM.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add DEFINE-ERROR-RETVAL-CFUN, CHROOT, CLEARENV (Sean Whitton, 2021-10-21)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* use CFFI, mostly via Osicat, for all syscalls/libc except fork(2) (Sean Whitton, 2021-09-09)

  Also replace some calls to chmod(1) with calls to chmod(2). Using CFFI rather than implementation-specific wrappers should be better for portability. Also with this commit we stop hard coding types like uid_t as :UNSIGNED-INT, which was less portable.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add dep on Anaphora and use APROG1, ALET & AAND in various places (Sean Whitton, 2021-09-08)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* cache XDG_CACHE_HOME as a connattr (Sean Whitton, 2021-08-31)

  This should provide a performance improvement.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* return type in FOREIGN-FUNCALL of geteuid(2) is unsigned (Sean Whitton, 2021-07-24)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* UNWIND-PROTECT-IN-PARENT -> UNWIND-PROTECT (Sean Whitton, 2021-07-24)

  No longer needed thanks to f4e9170e73cb4bcfa7328422b4ff4f72d1339dd0.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* new approach to calling fork(2) in remote Lisp images (Sean Whitton, 2021-07-24)

  Drop CAN-PROBABLY-FORK because we now only try to fork(2) in contexts in which there shouldn't ever be any other threads running, apart from Lisp implementation finaliser threads and the like. We no longer need to RESET-DATA-SOURCES before CONTINUE-DEPLOY* because we now only fork(2) in contexts in which *NO-DATA-SOURCES* is t.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* factor out MOUNTPOINTP (Sean Whitton, 2021-07-10)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* move /run out from MOUNT:*STANDARD-LINUX-VFS* (Sean Whitton, 2021-07-10)

  Bind-mounting /run is really a chroot connection-specific operation.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* chroot connections: unmount lazily (Sean Whitton, 2021-07-10)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* fix manpage sections for mount(8), umount(8) and findmnt(8) (Sean Whitton, 2021-07-06)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* factor out MOUNT:*{STANDARD-LINUX,LINUX-EFIVARS}-VFS* (Sean Whitton, 2021-07-06)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* chroot mounts: assert that /dev is udev devtmpfs (Sean Whitton, 2021-07-06)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* restore STRIPLN when finding the datadir inside chroot (Sean Whitton, 2021-05-31)

  Accidentally removed in b914693a33ffcf0764ea9bc87bcc573e5ddf9943.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* drop two unnecessary package name qualifications (Sean Whitton, 2021-05-25)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* convert CONNECTION slots to connattrs & fix finding homedirs (Sean Whitton, 2021-05-23)

  HOME does not take into account /etc/passwd inside the chroot, even when starting a login shell with, e.g., "chroot /chroot sh -lc 'echo $HOME'" -- we would need something which emulates login(1), like su(1), but the -c argument to su(1) is not portable. getent(1) is not POSIX. So use tilde expansion.

  Additionally, avoid having UPLOAD-ALL-PREREQUISITE-DATA store values for the remote UID, remote homedir etc. from *before* the chroot/setuid operation.

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* fix finding the data cache in chroots (Sean Whitton, 2021-05-10)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* reflect *MOUNT-BELOW* in OPENED-FILESYSTEM values (Sean Whitton, 2021-04-30)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* chroot connections: set up bind mounts and virtual filesystems (Sean Whitton, 2021-04-30)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* one package for :CHROOT, :CHROOT.FORK and :CHROOT.SHELL (Sean Whitton, 2021-04-30)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* move CAN-PROBABLY-FORK to CONNECTION.FORK (Sean Whitton, 2021-03-23)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* untabify (Sean Whitton, 2021-03-22)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add and use :CONSFIGURATOR named readtable (Sean Whitton, 2021-03-20)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* fix check for other threads on SBCL (Sean Whitton, 2021-03-19)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
* add :CHROOT and :CHROOT.SHELL connection types (Sean Whitton, 2021-02-27)

  Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>