ns-tools

Namespace utilities to reuse Open Source packaging efforts.
git clone git://r-36.net/ns-tools

README.md (2693B)


# Namespace tools

## Namespaces

Namespaces are basically installations of whatever Linux distribution
you can find. Ns-tools uses capchroot(1) to allow chroot into them
based on group and user authentication. Some wrapper utilities generate
wrapper scripts in /bin that run utilities inside the namespaces.

### Namespace configuration

The NSROOT variable is not yet implemented. For now /ns is the base
path. You can configure every namespace using an »rc.conf« file in
/ns/$namespace/.ns/. The variables that can be set there are shown in
ns-prepare(1).

When a command is run, it is checked whether the namespace is prepared.
The ONBOOT=1 variable defines whether the namespace should be prepared
on boot. If this is required, run the ns-boot(1) script from your init
scripts.

Also look at the different variables that define which configuration
files should be copied over, linked or run over.

## Installation (pre-alpha)

	# Base installation
	mkdir /ns
	cp bin/* /bin

	# Install capchroot as stated below.

	# Install a Debian 7.0 image
	imageuri="$(ns-vzinit list | grep "debian-7.0-$(uname -m)")"
	ns-vzinit install "$imageuri" /ns/debian

	ns-chroot debian
	debian shell> apt-get install nmap
	debian shell> exit

	ns-wrapper-install debian nmap
	/bin/nmap -h
	ns-chroot debian man nmap

### Capchroot

Here are the links to install capchroot. For now this isn't automated.

https://dev.archlinux.org/~thomas/capchroot/
http://bedrocklinux.org/1.0alpha1/install.html#DOWNLOAD%20Capchroot

After you have a capchroot(1) binary, copy it to a directory in your PATH.
Set cap_sys_chroot by running:

	setcap cap_sys_chroot=ep /bin/capchroot

Then create the /etc/capchroot.allow file to define which users are allowed
to run capchroot and where. On my setup there is a »ns« group, whose members
are allowed to chroot to the defined namespaces.

	cat /etc/capchroot.allow
	/ns/debian @ns
	...

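The check below is an added example, not part of ns-tools or capchroot. It
audits a capchroot.allow file so that neither the file nor any listed
namespace root is writable by group or others. The entry format (a path
followed by users or @groups) and `#` comments are assumptions based on the
sample line above; `demo` builds a constructed sample.

```sh
#!/bin/sh
# Added example, not part of ns-tools. Assumed capchroot.allow format, taken
# from the README's sample line: "<chroot path> <user or @group>...".

# Print the path if its group or others have write permission on it.
writable_by_others() {
    find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_allow FILE: print one finding per line; return 1 if there were any.
audit_allow() {
    allow=$1; bad=0
    [ -r "$allow" ] || { echo "$allow: cannot read"; return 2; }
    if [ -n "$(writable_by_others "$allow")" ]; then
        echo "$allow: writable by group or others"; bad=1
    fi
    while read -r root principals; do
        case $root in
        ''|'#'*) continue ;;    # blank line or comment (assumed syntax)
        /*) ;;
        *) echo "$root: not an absolute path"; bad=1; continue ;;
        esac
        if [ -z "$principals" ]; then
            echo "$root: no user or @group listed"; bad=1
        fi
        if [ ! -d "$root" ]; then
            echo "$root: not a directory"; bad=1
        elif [ -n "$(writable_by_others "$root")" ]; then
            # Anyone who can write here controls what the chroot contains.
            echo "$root: writable by group or others"; bad=1
        fi
    done < "$allow"
    return "$bad"
}

# Constructed sample: one sound entry, one writable root, one relative path.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -m 755 "$d/debian"; mkdir -m 777 "$d/scratch"
    printf '%s @ns\n%s @ns alice\nns/rel @ns\n' "$d/debian" "$d/scratch" > "$d/allow"
    chmod 644 "$d/allow"
    rc=0; audit_allow "$d/allow" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Audit a real file when one is given: sh audit.sh /etc/capchroot.allow
if [ $# -gt 0 ]; then audit_allow "$1"; fi
```
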
### Kernel configuration

Depending on the filesystem you use, make sure the following options are
enabled in the kernel (for example for ext4). These are defined in the
kernel .config as:

* Ext4 security labels - EXT4_FS_SECURITY=y
* Ext4 extended attributes - EXT4_FS_XATTR=y (deprecated, this is now
  enabled by default for ext4).

## Issues in the concept

* Unchroot is not yet implemented, so a complete linking in of X11 is not
  possible.
* Manpage paths are not global.
* Installation is weird.
* No Makefiles.
* Should be run on top of a static OS, but can be run anywhere chroot is
  allowed.

## Links

git://git.r-36.net/ns-tools
http://git.r-36.net/ns-tools
Bugs + Patches: 20h@r-36.net


Have fun!

Christoph Lohmann <20h@r-36.net>