aristanetworks / bst
A one-stop shop for process isolation
License: MIT License
This makes the option more consistent with --share, --unshare, and --persist.
Either of these may be correct in a given situation, or may fail
Host sysfs mount === user ns sysfs mount:
bst --mount /sys,/sys,none,rbind true
Other:
bst --mount none,/sys,sysfs,default true
Maybe bst should just fall back to a rbind mount when it EPERMs, and add a --no-fallback-sysfs-mount
Currently, only three limits are implemented.
--- command ---
05:44:32 /home/anisinha/workspace/bst/test/cram.sh /home/anisinha/workspace/bst/test
--- stdout ---
diff --git a/home/anisinha/workspace/bst/test/net.t b/home/anisinha/workspace/bst/test/net.t.err
index ed61ab5..5338901 100755
--- a/home/anisinha/workspace/bst/test/net.t
+++ b/home/anisinha/workspace/bst/test/net.t.err
@@ -19,8 +19,8 @@ MACVLANs
IPVLANs
$ bst --nic parent,dummy,address=fe:ed:de:ad:be:ef bst --nic ipvlan,type=ipvlan,link=parent -- ip link show ipvlan
- 2: ipvlan@if2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
- link/ether fe:ed:de:ad:be:ef brd ff:ff:ff:ff:ff:ff link-netnsid 0
+ 2: ipvlan: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+ link/ether fe:ed:de:ad:be:ef brd ff:ff:ff:ff:ff:ff
Adding addresses
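Review bot: the expected `ip link show ipvlan` output in the IPVLANs block pins `ipvlan@if2` and `link-netnsid 0`, while this run printed plain `ipvlan` with no `link-netnsid`, so the expectation depends on how the local `ip` renders a link whose parent sits in the outer bst's network namespace. Match those two lines with cram's `(glob)` or `(re)` suffix, or print only the fields the test cares about (the MAC address and link state), so it checks what bst configured rather than iproute2 formatting.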
@@ -29,7 +29,7 @@ Adding addresses
link/ether fe:ed:de:ad:be:ef brd ff:ff:ff:ff:ff:ff
inet 172.20.0.1/32 brd 172.20.0.1 scope global dummy
valid_lft forever preferred_lft forever
- inet6 fe80::fced:deff:fead:beef/64 scope link tentative
+ inet6 fe80::fced:deff:fead:beef/64 scope link
valid_lft forever preferred_lft forever
$ bst --nic dummy,type=dummy,address=fe:ed:de:ad:be:ef --ip 172.20.0.1/16,dev=dummy -- ip addr show dummy
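Review bot: the expected line `inet6 fe80::fced:deff:fead:beef/64 scope link tentative` in the Adding addresses block only matches while the link-local address is still in duplicate address detection when `ip addr show dummy` runs; this run printed it without `tentative`, and the next hunk fails the same way. That flag is timing-dependent, so match it optionally with a `(re)` line ending in `scope link( tentative)?`, or run `ip -4 addr show dummy`, since the test is about the IPv4 address passed to `--ip`.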
@@ -37,7 +37,7 @@ Adding addresses
link/ether fe:ed:de:ad:be:ef brd ff:ff:ff:ff:ff:ff
inet 172.20.0.1/16 brd 172.20.255.255 scope global dummy
valid_lft forever preferred_lft forever
- inet6 fe80::fced:deff:fead:beef/64 scope link tentative
+ inet6 fe80::fced:deff:fead:beef/64 scope link
valid_lft forever preferred_lft forever
Adding routes
@@ -59,4 +59,4 @@ Adding routes
default via 172.20.0.1 dev lo
$ bst --route dev=lo -- ip route show
- default dev lo scope link
+ default dev lo
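Review bot: for `bst --route dev=lo -- ip route show` the test expects `default dev lo scope link` and this host printed `default dev lo`; the output alone does not show whether the route was installed with a different scope or `ip` simply omitted it. If the scope is part of what the test asserts, say so in the test's prose line; otherwise make the trailing `scope link` optional with a `(re)` match so the test does not fail on rendering differences.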
diff --git a/home/anisinha/workspace/bst/test/bst.t b/home/anisinha/workspace/bst/test/bst.t.err
index 230ba9d..d0e01cd 100755
--- a/home/anisinha/workspace/bst/test/bst.t
+++ b/home/anisinha/workspace/bst/test/bst.t.err
@@ -121,6 +121,8 @@ Testing hostname semantics
Testing persistence
$ mkdir -p foo bar; trap 'bst-unpersist foo && rmdir foo bar' EXIT; bst --persist=foo sh -c 'mount -t tmpfs none bar && echo hello > bar/greeting' && [ ! -f bar/greeting ] && bst --share mnt,user=foo sh -c '[ "$(cat '"$PWD"'/bar/greeting)" = "hello" ]'
+ bst: bind-mount /proc/1173705/ns/mnt to foo/mnt: Invalid argument (is the destination on a private mount?)
+ [1]
Testing --limit core / general tests
$ bst --limit core=0 test/print_limits core
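Review bot: the persistence test near line 121 of bst.t runs `bst --persist=foo` against a `foo` directory created in the current working directory, and here the bind-mount of the namespace file onto `foo/mnt` fails with `Invalid argument`, with bst itself asking whether the destination is on a private mount. The test passes only where the working directory sits on a mount with private propagation; it should arrange a private mount for `foo` itself, or skip with a clear message when it cannot, so that a host with shared propagation does not read as a bst regression.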
-------
I am trying to build a system like HackerRank, i.e., the code submitted by the user should be executed on the server. From what I understand, bst can be used for this.
If I run bst, it opens my shell as mentioned in the documentation. If I delete files the changes are persisted outside my isolated environment. Can somebody please explain what I am missing?
I tried changing the root with --root, but this is what I get:
samuel@Titan ~/p/bst (main) [1]> bst --root ~/Desktop/test-root ls
bst-init: execvpe ls: No such file or directory
PS: I have no knowledge about namespaces.
Normally, all namespaces are unshared by default, but the lack of --unshare options makes it hard to only unshare a select few while keeping the rest. This is mostly made visible when trying to re-enter a persisted spacetime whose init died -- in which case, you need to unshare a new PID namespace.
With this, we could call bst --share-all=<path> --unshare-pid. Right now, the alternative is to either unpersist the pid ns file, or manually pass all --share flags individually.