view release on metacpan or  search on metacpan

lib/App/Hako.pm  view on Meta::CPAN

    my $NS = CLONE_NEWUSER|CLONE_NEWNS;
    GetOptionsFromArray(\@_,
        "help|h|?" => \&usage,
        "net|n" => sub { $NS |= CLONE_NEWNET },
    ) or usage();
    my ($box, @cmd) = @_;
    usage() unless $box and @cmd;
    chdir $box or die "cannot enter $box: $!\n";

    my $uid = $>;
    my ($gid) = split " ", $);
    syscall(SYS_unshare, $NS);
    map_my_id($uid, $gid);
    bind_mount($box, $ENV{HOME});
    chdir or die "cannot go home: $!\n";
    exec @cmd;
    die "exec failed: $!\n";
}

sub bind_mount {
    my ($src, $tgt) = @_;
    my $dummy = "ignore me";
    syscall(SYS_mount, $src, $tgt, $dummy, MS_BIND, $dummy);
}

sub map_my_id {
    my ($uid, $gid) = @_;
    proc_write(setgroups => "deny");
    proc_write(uid_map => "$uid $uid 1");
    proc_write(gid_map => "$gid $gid 1");
}

sub proc_write ($$) {
    my ($file, $data) = @_;
    open my $pf, ">", "/proc/self/$file" or die "cannot open $file: $!\n";
    print {$pf} $data or die "cannot write to $file: $!\n";
    close $pf or die "failed to close $file: $!\n";
}

1;