diff --git a/README.rst b/README.rst index 5c068b7..f2935fb 100644 --- a/README.rst +++ b/README.rst @@ -23,13 +23,15 @@ Get me started! installed. a. Alternatively, run ``./rootfs.py --chroot`` to run it in a chroot. - b. Alternatively, run ``./rootfs.py`` but don’t run the actual + b. Alternatively, run ``./rootfs.py --bwrap`` to run it in a bubblewrap + sandbox. When user namespaces are supported, this mode is rootless. + c. Alternatively, run ``./rootfs.py`` but don’t run the actual virtualization and instead copy sysa/tmp/initramfs to a USB or some other device and boot from bare metal. NOTE: we now require a hard drive. This is currently hardcoded as sda. You also need to put ``sysc/tmp/disk.img`` onto your sda on the bootstrapping machine. - c. Alternatively, do not use python at all, see "Python-less build" + d. Alternatively, do not use python at all, see "Python-less build" below. 5. Wait. diff --git a/rootfs.py b/rootfs.py index 33273d5..a1d4907 100755 --- a/rootfs.py +++ b/rootfs.py @@ -7,6 +7,7 @@ you can run bootstap inside chroot. """ # SPDX-License-Identifier: GPL-3.0-or-later +# SPDX-FileCopyrightText: 2022 Dor Askayo # SPDX-FileCopyrightText: 2021 Andrius Štikonas # SPDX-FileCopyrightText: 2021 Bastian Bittorf # SPDX-FileCopyrightText: 2021 Melg Eight @@ -30,7 +31,7 @@ def create_configuration_file(args): config_path = os.path.join('sysa', 'bootstrap.cfg') with open(config_path, "w", encoding="utf_8") as config: config.write("FORCE_TIMESTAMPS=" + str(args.force_timestamps) + "\n") - config.write("CHROOT=" + str(args.chroot) + "\n") + config.write("CHROOT=" + str(args.chroot or args.bwrap) + "\n") config.write("UPDATE_CHECKSUMS=" + str(args.update_checksums) + "\n") config.write("DISK=sda1\n") 
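Review bot: The `CHROOT=` line written by create_configuration_file now carries a meaning its name no longer states: it is set to True for `--bwrap` as well as for `--chroot`, and nothing next to it says why. A comment above the line would help, for example `# bwrap mode reuses the chroot code path of the bootstrap scripts, so CHROOT is set for both`, assuming that is the intent; the consumers of bootstrap.cfg are not visible here. The function starts before and continues after this hunk.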
@@ -45,6 +46,8 @@ def main(): default="x86") parser.add_argument("-c", "--chroot", help="Run inside chroot", action="store_true") + parser.add_argument("-bw", "--bwrap", help="Run inside a bwrap sandbox", + action="store_true") parser.add_argument("-p", "--preserve", help="Do not remove temporary dir", action="store_true") parser.add_argument("-t", "--tmpdir", help="Temporary directory") @@ -81,6 +84,8 @@ def main(): count += 1 if args.chroot: count += 1 + if args.bwrap: + count += 1 if args.minikernel: count += 1 if args.bare_metal: @@ -139,6 +144,38 @@ print(shutil.which('chroot')) init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed') run('sudo', 'env', '-i', 'PATH=/bin', chroot_binary, system_a.tmp_dir, init) + elif args.bwrap: + system_c.prepare(mount_tmpfs=False, + create_disk_image=False) + system_a.prepare(mount_tmpfs=False, + copy_sysc=True, + create_initramfs=False) + + # sysa + arch = stage0_arch_map.get(args.arch, args.arch) + init = os.path.join(os.sep, 'bootstrap-seeds', 'POSIX', arch, 'kaem-optional-seed') + run('bwrap', '--unshare-user', + '--uid', '0', + '--gid', '0', + '--cap-add', 'CAP_SYS_CHROOT', # Required for chroot from sysa to sysc + '--clearenv', + '--setenv', 'PATH', '/usr/bin', + '--bind', system_a.tmp_dir, '/', + '--dir', '/dev', + '--dev-bind', '/dev/null', '/dev/null', + '--dev-bind', '/dev/zero', '/dev/zero', + '--dev-bind', '/dev/random', '/dev/random', + '--dev-bind', '/dev/urandom', '/dev/urandom', + '--dir', '/sysc/dev', + '--dev-bind', '/dev/null', '/sysc/dev/null', + '--dev-bind', '/dev/zero', '/sysc/dev/zero', + '--dev-bind', '/dev/random', '/sysc/dev/random', + '--dev-bind', '/dev/urandom', '/sysc/dev/urandom', + '--proc', '/sysc/proc', + '--bind', '/sys', '/sysc/sys', + '--tmpfs', '/sysc/tmp', + init) + elif args.minikernel: if os.path.isdir('kritis-linux'): shutil.rmtree('kritis-linux')
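Review bot: The bwrap command line in the new `elif args.bwrap:` branch unshares only the user namespace and binds the host's `/sys` read-write, so the sandbox isolates less than the word suggests. `'--bind', '/sys', '/sysc/sys'` is a writable bind mount: in rootless mode host file permissions still apply, but if bwrap is started by real root (for instance where unprivileged user namespaces are disabled) the build's uid 0 can write host sysfs, so `'--ro-bind', '/sys', '/sysc/sys',` would be safer unless sysc is known to need write access. The network, PID and IPC namespaces stay shared with the host; adding `'--unshare-pid', '--unshare-ipc', '--new-session', '--die-with-parent',` would tighten this, and `'--unshare-net'` as well if no build step needs the network, which cannot be told from this hunk. The enclosing main() starts and ends outside the hunk.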