authorMatthias Schiffer <mschiffer@universe-factory.net>2021-01-31 19:18:20 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2021-01-31 19:18:20 +0100
commitb9e28bd7990b597d707fb9a81880dc14accc9c41 (patch)
treefbb54d67bac841728450b62cd192095b9d3993b5 /src/main.rs
parent6eb0851420b358132dd8a72312b25a1f7efd02de (diff)
Unshare/subuid handling
Buildah is too slow for our use case. Handle userns setup ourselves, so we can call runc directly.
Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs42
1 files changed, 38 insertions, 4 deletions
diff --git a/src/main.rs b/src/main.rs
index 72178be..8d4787d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,12 +1,47 @@
mod executor;
+mod prepared_command;
mod recipe;
mod resolve;
mod runner;
mod types;
+mod unshare;
+mod util;
-use std::path::Path;
+use nix::{
+ mount::{self, MsFlags},
+ unistd,
+};
+use std::{io::Result, path::Path};
use types::*;
+use util::ToIOResult;
+
+fn mount_buildtmp() -> Result<()> {
+ mount::mount::<_, _, _, str>(
+ Some("buildtmp"),
+ "build/tmp",
+ Some("tmpfs"),
+ MsFlags::empty(),
+ None,
+ )
+ .to_io_result()
+}
+
+fn exec_shell() -> Result<std::convert::Infallible> {
+ let bin_sh = std::ffi::CString::new("/bin/sh").unwrap();
+ unistd::execv(&bin_sh, &[&bin_sh]).to_io_result()
+}
+
+fn execute(mut exc: executor::Executor) -> Result<()> {
+ unshare::unshare()?;
+ mount_buildtmp()?;
+
+ exc.run()?;
+
+ exec_shell()?;
+
+ Ok(())
+}
fn main() {
let recipes = recipe::read_recipes(Path::new("examples")).unwrap();
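Review bot: `mount_buildtmp` mounts the tmpfs with `MsFlags::empty()`, so the directory that build steps write to carries no `nosuid`/`nodev` restriction; passing `MsFlags::MS_NOSUID | MsFlags::MS_NODEV` in that argument would narrow it without affecting ordinary build output. The target `"build/tmp"` is relative, so the mount lands wherever the process's working directory happens to be, and the data argument is `None`, which leaves the tmpfs at the kernel's default size. The mount is only contained if `unshare::unshare()` enters a new mount namespace, which is not visible in this hunk and is worth stating in a comment above that call in `execute`. The unconditional `exec_shell()` after `exc.run()` looks like a debugging aid; a comment saying so would help, since a successful exec replaces the process and makes the trailing `Ok(())` unreachable.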
@@ -29,10 +64,9 @@ fn main() {
std::process::exit(1);
}
let taskset = rsv.to_taskset();
- let mut executor = executor::Executor::new(&tasks, taskset);
+ let exc = executor::Executor::new(&tasks, taskset);
- let result = executor.run();
- if let Err(error) = result {
+ if let Err(error) = execute(exc) {
eprintln!("{}", error);
std::process::exit(1);
}
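Review bot: The `eprintln!("{}", error)` branch now reports failures from four different steps inside `execute` (namespace setup, the tmpfs mount, the task run and the final exec), all flattened to a bare `io::Error`, so a message such as a permission error does not say which step was refused. Adding the step to the message where each error is raised, for example `mount_buildtmp().map_err(|e| std::io::Error::new(e.kind(), format!("mounting build/tmp: {}", e)))?;`, would make userns and mount failures diagnosable. The rest of `main` lies outside this hunk.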