int main(int argc, char *argv[]) { const char * const writable[] = { "/home", NULL }; const char * const readonly[] = { "/", "/usr", "/boot", NULL }; const char * const inaccessible[] = { "/home/lennart/projects", NULL }; int r; char tmp_dir[] = "/tmp/systemd-private-XXXXXX", var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX"; assert_se(mkdtemp(tmp_dir)); assert_se(mkdtemp(var_tmp_dir)); r = setup_namespace((char **) writable, (char **) readonly, (char **) inaccessible, tmp_dir, var_tmp_dir, true, PROTECT_HOME_NO, PROTECT_SYSTEM_NO, 0); if (r < 0) { log_error("Failed to setup namespace: %s", strerror(-r)); return 1; } execl("/bin/sh", "/bin/sh", NULL); log_error("execl(): %m"); return 1; }
int main(int argc, char *argv[]) { const char * const writable[] = { "/home", NULL }; const char * const readonly[] = { "/", "/usr", "/boot", NULL }; const char *inaccessible[] = { "/home/lennart/projects", NULL }; char *root_directory; char *projects_directory; int r; char tmp_dir[] = "/tmp/systemd-private-XXXXXX", var_tmp_dir[] = "/var/tmp/systemd-private-XXXXXX"; assert_se(mkdtemp(tmp_dir)); assert_se(mkdtemp(var_tmp_dir)); root_directory = getenv("TEST_NS_CHROOT"); projects_directory = getenv("TEST_NS_PROJECTS"); if (projects_directory) inaccessible[0] = projects_directory; log_info("Inaccessible directory: '%s'", inaccessible[0]); if (root_directory) log_info("Chroot: '%s'", root_directory); else log_info("Not chrooted"); r = setup_namespace(root_directory, (char **) writable, (char **) readonly, (char **) inaccessible, tmp_dir, var_tmp_dir, NULL, true, PROTECT_HOME_NO, PROTECT_SYSTEM_NO, 0); if (r < 0) { log_error_errno(r, "Failed to setup namespace: %m"); log_info("Usage:\n" " sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns\n" " sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns"); return 1; } execl("/bin/sh", "/bin/sh", NULL); log_error_errno(errno, "execl(): %m"); return 1; }