runshare 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cb0cad2d91fecadd6f8e1b1068f37cf8c4a44623
+  data.tar.gz: 67fdb4217e143f4e0fe1673807bd34fa42836885
+SHA512:
+  metadata.gz: 9f93b3354a8a51d911895fd367092a8773bfed1c98efa515e09ab250034fe498fd03cb75add6b461b975a55db0031a273fbeacc8462f9f866a67bd5fbfacdbf1
+  data.tar.gz: cf463e5f29ed3f93cdf8b6c3df53077c70a2cc4db846a534c3374ab8a4e911a9fdbe289eaf4ca709a7291216141c0dbf4a510fdd13d0efa9835e4835cdf26bba

data/.gitignore

@@ -0,0 +1,21 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.idea/
+.tool-versions
+CMakeLists.txt
+/cmake-build-debug/
+
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.4.10
+before_install: gem install bundler -v 1.17.3

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in runshare.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    runshare (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.4.4)
+    rake (10.5.0)
+    rake-compiler (1.1.1)
+      rake
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.17)
+  runshare!
+  rake (~> 10.0)
+  rake-compiler
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   1.17.3

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Ivan Prisyazhnyy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,103 @@
+# ruby unshare (runshare)
+
+This tool allows to unshare Linux namespaces.
+The implementation is similar to the unshare(1) tool.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+    gem 'runshare'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install runshare
+
+## Usage
+
+    > require "runshare"
+    > RUnshare::unshare
+
+For example:
+
+    cat > test.rb
+
+    require "runshare"
+
+    pid = RUnshare::unshare(
+      :clone_newpid    => true,
+      :clone_newns     => true,
+      :clone_newcgroup => true,
+      :clone_newipc    => true,
+      :clone_newuts    => true,
+      :clone_newnet    => true,
+      :clone_newtime   => true,
+      :fork            => true,
+      :mount_proc      => "/proc",
+      # docker export $(docker create hello-world) | tar -xf - -C rootfs
+      :root            => "/tmp/rootfs"
+    )
+
+    if pid == 0
+      # child
+      puts "--- #{Process.pid}"
+      if system("/hello") != true
+        raise "bad"
+      end
+      puts "--- done"
+    else
+      # parent
+      puts "-- unshare=#{pid}, pid=#{Process.pid}"
+      puts "-- exit=#{Process.waitpid(pid)}"
+    end
+
+    ^D
+
+    sudo ruby -I ./lib ./test.rb
+
+## Quick start
+
+    $ rake compile && echo 'require "runshare"; RUnshare::unshare(:clone_newuts => true)' | irb
+    install -c tmp/x86_64-linux/runshare/2.4.10/runshare.so lib/runshare/runshare.so
+    cp tmp/x86_64-linux/runshare/2.4.10/runshare.so tmp/x86_64-linux/stage/lib/runshare/runshare.so
+    Switch to inspect mode.
+    require "runshare"; RUnshare::unshare
+
+## Ruby <2.5
+
+If your app is single threaded and you are observing:
+
+    eval:1: warning: pthread_create failed for timer: Invalid argument, scheduling broken
+
+Just ignore it with some degree of bravity. You also
+can silence it by setting:
+
+    $VERBOSE = nil
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies.
+Then, run `rake spec` to run the tests.
+You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+To release a new version, update the version number in `version.rb`,
+and then run `bundle exec rake release`, which will create a git tag
+for the version, push git commits and tags, and push the `.gem` file
+to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/sitano/runshare.
+This project is intended to be a safe, welcoming space for collaboration,
+and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,14 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rake/extensiontask"
+
+task :build => :compile
+
+Rake::ExtensionTask.new("runshare") do |ext|
+  ext.lib_dir = "lib/runshare"
+end
+
+task :default => [:clobber, :compile, :spec]

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "runshare"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ext/runshare/extconf.rb

@@ -0,0 +1,33 @@
+require "mkmf"
+
+append_cflags('-D_GNU_SOURCE')
+append_cflags('-DPACKAGE_STRING="\"runshare\""')
+append_cflags('-Wno-discarded-qualifiers')
+
+if have_func("nanosleep", "time.h")
+    $defs.push("-DHAVE_NANOSLEEP")
+elsif have_func("usleep", "time.h")
+    $defs.push("-DHAVE_USLEEP")
+end
+
+if have_func("fsync", "unistd.h")
+    $defs.push("-DHAVE_FSYNC")
+end
+
+if have_func("vasprintf", "stdio.h")
+    $defs.push("-DHAVE_VASPRINTF")
+end
+
+if have_func("unshare", "sys/syscall.h")
+    $defs.push("-DHAVE_UNSHARE")
+end
+if have_func("setns", "sys/syscall.h")
+    $defs.push("-DHAVE_SETNS")
+end
+if have_func("err", "err.h")
+    $defs.push("-DHAVE_ERR_H")
+end
+
+$srcs = ["runshare.c", "unshare.c"]
+
+create_makefile("runshare/runshare")

data/ext/runshare/include/all-io.h

@@ -0,0 +1,115 @@
+/*
+ * No copyright is claimed.  This code is in the public domain; do with
+ * it what you wish.
+ *
+ * Written by Karel Zak <kzak@redhat.com>
+ *            Petr Uzel <petr.uzel@suse.cz>
+ */
+
+#ifndef UTIL_LINUX_ALL_IO_H
+#define UTIL_LINUX_ALL_IO_H
+
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SENDFILE_H
+# include <sys/sendfile.h>
+#endif
+
+#include "c.h"
+
+static inline int write_all(int fd, const void *buf, size_t count)
+{
+	while (count) {
+		ssize_t tmp;
+
+		errno = 0;
+		tmp = write(fd, buf, count);
+		if (tmp > 0) {
+			count -= tmp;
+			if (count)
+				buf = (const void *) ((const char *) buf + tmp);
+		} else if (errno != EINTR && errno != EAGAIN)
+			return -1;
+		if (errno == EAGAIN)	/* Try later, *sigh* */
+			xusleep(250000);
+	}
+	return 0;
+}
+
+static inline int fwrite_all(const void *ptr, size_t size,
+			     size_t nmemb, FILE *stream)
+{
+	while (nmemb) {
+		size_t tmp;
+
+		errno = 0;
+		tmp = fwrite(ptr, size, nmemb, stream);
+		if (tmp > 0) {
+			nmemb -= tmp;
+			if (nmemb)
+				ptr = (const void *) ((const char *) ptr + (tmp * size));
+		} else if (errno != EINTR && errno != EAGAIN)
+			return -1;
+		if (errno == EAGAIN)	/* Try later, *sigh* */
+			xusleep(250000);
+	}
+	return 0;
+}
+
+static inline ssize_t read_all(int fd, char *buf, size_t count)
+{
+	ssize_t ret;
+	ssize_t c = 0;
+	int tries = 0;
+
+	memset(buf, 0, count);
+	while (count > 0) {
+		ret = read(fd, buf, count);
+		if (ret < 0) {
+			if ((errno == EAGAIN || errno == EINTR) && (tries++ < 5)) {
+				xusleep(250000);
+				continue;
+			}
+			return c ? c : -1;
+		}
+		if (ret == 0)
+			return c;
+		tries = 0;
+		count -= ret;
+		buf += ret;
+		c += ret;
+	}
+	return c;
+}
+
+static inline ssize_t sendfile_all(int out, int in, off_t *off, size_t count)
+{
+#if defined(HAVE_SENDFILE) && defined(__linux__)
+	ssize_t ret;
+	ssize_t c = 0;
+	int tries = 0;
+	while (count) {
+		ret = sendfile(out, in, off, count);
+		if (ret < 0) {
+			if ((errno == EAGAIN || errno == EINTR) && (tries++ < 5)) {
+				xusleep(250000);
+				continue;
+			}
+			return c ? c : -1;
+		}
+		if (ret == 0)
+			return c;
+		tries = 0;
+		count -= ret;
+		c += ret;
+	}
+	return c;
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+#endif /* UTIL_LINUX_ALL_IO_H */