
Implementation to jail Spack inside a user chroot using Linux namespaces #5545

Closed
TheTimmy wants to merge 1 commit into spack:develop from TheTimmy:features/bootstrap-final

TheTimmy commented Sep 29, 2017

This feature supports jailing Spack inside a chroot (see #5193, approach 3, for details),
but without the requirements of pull request #5489.
This allows finding potentially missing depends_on calls.

It introduces the commands:

./spack isolate --build-environment path/to/jail/dir --tarball path/to/tarball
To create a jail for Spack and mount bind /dev, /sys and /proc to be available inside the jail.

./spack isolate --remove-environment
To unmount the mounted /dev, /sys and /proc directories.

./spack isolate --cli
To start a shell inside the jail.

To create a bootstrap environment, it is possible to use an already generated tarball from OpenStack or to generate one with mkosi. One restriction is that the root directory of the tarball must be a directory which contains the distribution.

To generate the mount bind and chroot calls, it uses namespaces.
Unfortunately, it does not support the separation of the PID namespace, due to the fact that Python cannot read C defines and structs.
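
The mechanism the description refers to (bind mounts and a chroot made by an unprivileged process inside its own user and mount namespaces), as an added example that is not code from this pull request. The function names (`id_map`, `bind_targets`, `enter_jail`, `run_in_jail`) are hypothetical, and it assumes a Linux kernel with unprivileged user namespaces enabled and a jail root that already contains `dev`, `sys` and `proc` directories.

```python
import ctypes
import os

# Values from <linux/sched.h> and <sys/mount.h>.
CLONE_NEWNS, CLONE_NEWUSER = 0x00020000, 0x10000000
MS_BIND, MS_REC = 0x1000, 0x4000

libc = ctypes.CDLL(None, use_errno=True)
libc.mount.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p,
                       ctypes.c_ulong, ctypes.c_void_p]

def id_map(outer_id):
    """Map ID 0 inside the namespace to outer_id outside (one ID only)."""
    return "0 %d 1\n" % outer_id

def bind_targets(root, sources=("/dev", "/sys", "/proc")):
    """Pair each host directory with its mount point below the jail root."""
    return [(src, os.path.join(root, src.lstrip("/"))) for src in sources]

def _check(ret):
    if ret != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))

def enter_jail(root):
    """Unshare user and mount namespaces, bind-mount, then chroot."""
    uid, gid = os.getuid(), os.getgid()  # read before the IDs are remapped
    _check(libc.unshare(CLONE_NEWUSER | CLONE_NEWNS))
    # The kernel refuses an unprivileged gid_map write until setgroups is denied.
    for name, text in (("setgroups", "deny"), ("uid_map", id_map(uid)),
                       ("gid_map", id_map(gid))):
        with open("/proc/self/" + name, "w") as f:
            f.write(text)
    for src, dst in bind_targets(root):
        # MS_REC: /proc and /sys carry submounts that must come along.
        _check(libc.mount(src.encode(), dst.encode(), None,
                          MS_BIND | MS_REC, None))
    os.chroot(root)
    os.chdir("/")

def run_in_jail(root, argv):
    """Run argv inside the jail in a child; return its exit status."""
    pid = os.fork()
    if pid == 0:
        try:
            enter_jail(root)
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # reached only if setup or exec failed
    status = os.waitpid(pid, 0)[1]
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1
```

The bind mounts exist only in the child's mount namespace, so they are not visible to other processes on the host.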

… user chroot environment.

Final implementation for the user chroot approach.

Fixed coding style to spack coding style guide

Fixed removal of the base file if an error occurred


alalazo commented Nov 11, 2019

This allows finding potentially missing depends_on calls.

@tgamblin @ax3l The use case above is better served in my opinion using Spack from within a container. I'll leave this open to see if somebody disagrees, will revisit in some time.


ax3l commented Nov 18, 2019

I think this is an interesting approach.
Probably cuts even more cases than the conda-build approach, which uses readelf to grep out-of-sysroot dependencies in generated binaries.

@michaelkuhn

I guess now that we have spack containerize we do not really need this anymore. If anyone else is interested, feel free to pick it up, though.


alalazo commented Mar 26, 2020

Closing the PR following the comment of @michaelkuhn. If anybody wants to continue the work and discussion, feel free to reopen.

alalazo closed this Mar 26, 2020

Labels: feature, new-command