int main(int argc, char *argv[]) {
const char * const writable[] = {
"/home",
NULL
};
const char * const readonly[] = {
"/",
"/usr",
"/boot",
NULL
};
const char * const inaccessible[] = {
"/home/lennart/projects",
NULL
};
int r;
char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";
assert_se(mkdtemp(tmp_dir));
assert_se(mkdtemp(var_tmp_dir));
r = setup_namespace((char **) writable,
(char **) readonly,
(char **) inaccessible,
tmp_dir,
var_tmp_dir,
true,
PROTECT_HOME_NO,
PROTECT_SYSTEM_NO,
0);
if (r < 0) {
log_error("Failed to setup namespace: %s", strerror(-r));
return 1;
}
execl("/bin/sh", "/bin/sh", NULL);
log_error("execl(): %m");
return 1;
}
int main(int argc, char *argv[]) {
const char * const writable[] = {
"/home",
NULL
};
const char * const readonly[] = {
"/",
"/usr",
"/boot",
NULL
};
const char *inaccessible[] = {
"/home/lennart/projects",
NULL
};
char *root_directory;
char *projects_directory;
int r;
char tmp_dir[] = "/tmp/systemd-private-XXXXXX",
var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX";
assert_se(mkdtemp(tmp_dir));
assert_se(mkdtemp(var_tmp_dir));
root_directory = getenv("TEST_NS_CHROOT");
projects_directory = getenv("TEST_NS_PROJECTS");
if (projects_directory)
inaccessible[0] = projects_directory;
log_info("Inaccessible directory: '%s'", inaccessible[0]);
if (root_directory)
log_info("Chroot: '%s'", root_directory);
else
log_info("Not chrooted");
r = setup_namespace(root_directory,
(char **) writable,
(char **) readonly,
(char **) inaccessible,
tmp_dir,
var_tmp_dir,
NULL,
true,
PROTECT_HOME_NO,
PROTECT_SYSTEM_NO,
0);
if (r < 0) {
log_error_errno(r, "Failed to setup namespace: %m");
log_info("Usage:\n"
" sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n"
" sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns");
return 1;
}
execl("/bin/sh", "/bin/sh", NULL);
log_error_errno(errno, "execl(): %m");
return 1;
}
