#!/bin/sh

# This file is in the public domain.
#
# Shell script to set up one instance of a network namespace.
# Used by buildslaves to avoid port conflicts.
#
# The arguments are the command (and arguments to the
# command) to be run in the network namespace (i.e. 'make check').
#

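set -eu
set -x

# Be extra safe, even though sudo should already do this.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# The positional arguments are the command that netjail-privdrop.sh runs
# inside the namespace. Refuse to create any namespace state when there is
# no command: that is a caller error, and without this check a bare
# netjail-privdrop.sh invocation would be exec'd with only the ID.
if [ "$#" -lt 1 ]; then
  printf 'usage: %s COMMAND [ARG...]\n' "${0##*/}" >&2
  exit 2
fi

# See netjail-init.sh
BRIDGE=builderbridge

# Generate random ID for namespace: the first two 16-bit words of the first
# `od -x` line, i.e. 8 hex characters from /dev/urandom. (The former
# OFS="-" assignment was dead: $2$3 is string concatenation, not a
# comma-separated print, so OFS never applied.)
NSUID=$(od -x /dev/urandom | head -1 | awk '{print $2$3}')

NSNAME=buildernet-$NSUID

# Linux limits interface names to 15 characters; "br-tap-" plus 8 hex digits
# is exactly 15, so these prefixes must not be lengthened.
TAP=tap-$NSUID
BRTAP=br-tap-$NSUID

# Under set -e the first failing command below exits the script, which used
# to leave a dangling namespace and veth pair behind. Tear down whatever was
# created. Each step is best-effort because it is normal for one of them to
# refer to an object that was never created. Deleting either end of the veth
# pair removes both ends. On the success path the exec at the bottom replaces
# this shell, so the trap never fires and the namespace is left alive for
# netjail-privdrop.sh; if the exec itself fails the shell exits and cleans up.
cleanup() {
  ip link del "$BRTAP" 2>/dev/null || true
  ip netns del "$NSNAME" 2>/dev/null || true
}
trap cleanup EXIT

# Create network namespace
ip netns add "$NSNAME"

# Setup link to our bridge
ip link add "$TAP" type veth peer name "$BRTAP"
brctl addif "$BRIDGE" "$BRTAP"
ip link set "$TAP" netns "$NSNAME"
ip link set dev "$BRTAP" up

# Execute netjail-privdrop in a process namespace, but do not mount proc yet,
# so that we can still "nsenter" the root NS to drop the
# (the original comment ends here; presumably the namespace and veth are torn
# down from the root NS by netjail-privdrop.sh -- confirm against that script).
exec unshare -fp --kill-child -- ip netns exec "$NSNAME" netjail-privdrop.sh "$NSUID" "$@"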