mirror of https://gitlab.postmarketos.org/postmarketOS/pmbootstrap.git synced 2025-07-23 12:35:12 +03:00
Commit graph

6 commits

Author SHA1 Message Date
Casey Connolly
9dc294dbbf
pmbootstrap: unshare PID namespace
Put ourselves in a new PID namespace so that daemons we might start in
the chroot like adbd will be killed on exit.

This simplifies "shutdown" since we no longer need to kill these
processes.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-06-13 21:47:42 +02:00
Casey Connolly
d8886b086a
init: sandbox: also map rootfs user 10000
Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-05-30 21:29:28 +02:00
Casey Connolly
be5e18cf99
unshare binfmt
Rework how we handle binfmt_misc so it will work inside a user
namespace.

* Use a custom mountpoint (only accessible inside the mount namespace),
  this is the crux of the change, allowing us to mount it as non-root
  and avoid messing with any host configs too!
* No longer explicitly modprobe binfmt_misc, any modern system should
  probe it automatically when we try to mount it... I think so anyways
  heh

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-05-30 21:29:27 +02:00
Casey Connolly
4c482e0b73
pmb: sandbox: use newuidmap/newgidmap for become_user()
This really needs to be fixed up properly, basically we want to map
ourselves in as root, then support the groups <1000 (e.g. abuild uses
group id 300) and finally use our UID namespace (the biiig UIDs) for the
pmos user.

You need "USER:100000:65536" in your /etc/subuid and /etc/subgid files
where "USER" is your username.

This basically results in the chroot perms matching your user for root
and some freaky UIDs for the build user.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-05-30 13:22:59 +02:00
Casey Connolly
e4560a9aca
pmb: sandbox: split out mount setup
allow it to be called directly.

Signed-off-by: Casey Connolly <casey@postmarketos.org>
2025-05-30 13:22:59 +02:00
Casey Connolly
31eaa927c8
pmb: import mkosi-sandbox
Import mkosi sandbox script which we will use as a library.

Signed-off-by: Casey Connolly <caleb@postmarketos.org>
2025-05-30 13:22:59 +02:00