Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dramforever/binderlay

Playground for mount namespaces
https://github.com/dramforever/binderlay

Last synced: about 1 month ago
JSON representation

Playground for mount namespaces

Awesome Lists containing this project

README

        

# `binderlay`

*Work in progress. Breaking changes will occur without notice.*

Playground for mount namespaces, bind mounts, OverlayFS, etc.

## Nix flake

This repository contains a Nix Flake. To refer to it, use the following Flake URL:

```
github:dramforever/binderlay
```

### Running `binderlay` as a flake

```
$ nix run github:dramforever/binderlay --
```

## What does it do?

```
$ binderlay [--] []
```

`binderlay` will:

- Call `unshare(2)` to move itself into a new user namespace and mount namespace.
- Map the executing user's own uid and gid to be the same as the original user namespace.
- Perform operations within the mount namespace as listed
- `execv` another program with the listed argument list

Each operation is specified using several command line parameters. A lone `--` terminates the operation list. The following operations are available

- `--bind `: Bind mount `src` to `dest`
- `--tmpfs `: Mount a `tmpfs` on `dest`
- `--overlayfs `: Mount an OverlayFS on `dest`, with `lowerdir=,upperdir=,workdir=`
- `--fs `: Mount a filesystem on `dest`. Similar to `mount -t -o `
- `--mkdir `: `mkdir` the directory ``. Currently will not also make parent directories.
- `--pivot-root `: Perform a `pivot_root(2)` and `chroot` into `dest`

An example that runs `/usr/bin/bash` in a chroot with only `/usr`:

```bash
binderlay \
--mkdir /tmp/work \
--tmpfs /tmp/work \
--mkdir /tmp/work/usr \
--bind /usr /tmp/work/usr \
--pivot-root /tmp/work \
/usr/bin/bash bash
```