[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-deployment] branch master updated: fix netjail comments, handle f
From: |
gnunet |
Subject: |
[taler-deployment] branch master updated: fix netjail comments, handle failing commands better |
Date: |
Mon, 17 Feb 2020 21:15:29 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository deployment.
The following commit(s) were added to refs/heads/master by this push:
new be061b4 fix netjail comments, handle failing commands better
be061b4 is described below
commit be061b4da9a8850412c216bdf49589e6951527c5
Author: Christian Grothoff <address@hidden>
AuthorDate: Mon Feb 17 21:15:26 2020 +0100
fix netjail comments, handle failing commands better
---
netjail/netjail-privdrop.sh | 7 ++++---
netjail/netjail.sh | 9 ++-------
2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/netjail/netjail-privdrop.sh b/netjail/netjail-privdrop.sh
index 4ea2a3e..816bdf8 100755
--- a/netjail/netjail-privdrop.sh
+++ b/netjail/netjail-privdrop.sh
@@ -6,9 +6,8 @@
# Used by buildslaves to avoid port conflicts.
#
# First argument ($1) must be a unique number (unique amongst
-# all users of the script) between 2 and 254 to be used in
-# the IP address for routing the traffic of the network
-# namespace to the Internet.
+# all users of the script) to be used in
+# the name of the virtual network devices and the namespace itself.
#
# The remaining arguments are the command (and arguments to the
# command) to be run in the network namespace (i.e. 'make check').
@@ -37,8 +36,10 @@ ME=${SUDO_USER:?must run in sudo}
# Execute target program as the original user.
# We should already be in a PID namespace, but we still need to mount proc.
+set +e
unshare --mount-proc -- sudo -u "$ME" -- "$@"
ret=$?
+set -e
# Release the lease
dhclient --no-pid -r || false
diff --git a/netjail/netjail.sh b/netjail/netjail.sh
index 17dd095..136390b 100755
--- a/netjail/netjail.sh
+++ b/netjail/netjail.sh
@@ -5,12 +5,7 @@
# Shell script for to setup one instance of a network namespace.
# Used by buildslaves to avoid port conflicts.
#
-# First argument ($1) must be a unique number (unique amongst
-# all users of the script) between 2 and 254 to be used in
-# the IP address for routing the traffic of the network
-# namespace to the Internet.
-#
-# The remaining arguments are the command (and arguments to the
+# The arguments are the command (and arguments to the
# command) to be run in the network namespace (i.e. 'make check').
#
@@ -41,5 +36,5 @@ ip link set "$TAP" netns "$NSNAME"
ip link set dev "$BRTAP" up
# Execute netjail-privdrop in a process namespace, but do not mount proc yet,
-# so that we can still "nsenter" the root NS to drop the
+# so that we can still "nsenter" the root NS to drop the
exec unshare -fp --kill-child -- ip netns exec "$NSNAME" netjail-privdrop.sh
"$NSUID" "$@"
--
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-deployment] branch master updated: fix netjail comments, handle failing commands better,
gnunet <=