App-Hako


lib/App/Hako.pm  view on Meta::CPAN

        "net|n" => sub { $NS |= CLONE_NEWNET },
    ) or usage();
    my ($box, @cmd) = @_;
    usage() unless $box and @cmd;
    chdir $box or die "cannot enter $box: $!\n";

    my $uid = $>;
    my ($gid) = split " ", $);
    syscall(SYS_unshare, $NS);
    map_my_id($uid, $gid);
    bind_mount($box, $ENV{HOME});
    chdir or die "cannot go home: $!\n";
    exec @cmd;
    die "exec failed: $!\n";
}

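# Bind-mount $src over $tgt using the raw mount(2) syscall.
#
# Arguments:
#   $src - directory to expose
#   $tgt - mount point that will show the contents of $src
#
# Returns the syscall's return value on success.  Dies when the mount
# fails: the caller execs a command right after this call, and carrying
# on after a failed mount would run that command against the real target
# directory instead of the box (fail closed, not open).
sub bind_mount {
    my ($src, $tgt) = @_;

    # An unset target (e.g. no HOME in the environment) would otherwise
    # reach the kernel as an empty path and fail with a vaguer error.
    die "cannot bind mount: source and target must both be set\n"
        unless defined $src and defined $tgt;

    # syscall() passes strings by pointer and wants a writable scalar, so a
    # variable is used rather than a literal.  It stands in for the fstype
    # and data arguments, which mount(2) ignores for a bind mount.
    my $dummy = "ignore me";

    my $rc = syscall(SYS_mount, $src, $tgt, $dummy, MS_BIND, $dummy);

    # syscall() reports failure as -1 with the reason left in $!.
    die "cannot bind mount $src on $tgt: $!\n" if $rc == -1;

    return $rc;
}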

sub map_my_id {
    my ($uid, $gid) = @_;
    proc_write(setgroups => "deny");
    proc_write(uid_map => "$uid $uid 1");
    proc_write(gid_map => "$gid $gid 1");


