Skip to content

Port unshare user/mount namespace support from uruntime #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Port unshare user/mount namespace support from uruntime #137

wants to merge 4 commits into from
+268 −10

Conversation

Copy link

Copilot AI commented Nov 1, 2025
edited
Loading

Implements automatic fallback to user+mount namespaces when SUID fusermount is unavailable, based on uruntime's implementation.

Changes

Core namespace handling

  • try_unshare() - Creates CLONE_NEWUSER | CLONE_NEWNS with configurable UID/GID mapping
  • restore_capabilities() - Restores capabilities via capget/capset syscalls after namespace entry
  • try_make_mount_private() - Applies MS_REC | MS_PRIVATE to prevent mount leaks
  • is_in_user_and_mount_namespace() - Detects existing namespace via /proc/self/uid_map parsing

FUSE availability enhancement

  • check_fuse() - Attempts unshare when SUID fusermount detection fails
  • is_suid_exe() - Validates setuid bit + owner root for fusermount binaries

User interface

# Explicit request
./app.AppImage --appimage-unshare

# Environment control
APPIMAGE_UNSHARE=1 ./app.AppImage
APPIMAGE_UNSHARE_ROOT=1 ./app.AppImage  # map to UID/GID 0
APPIMAGE_UNSHARE_UID=1000 APPIMAGE_UNSHARE_GID=1000 ./app.AppImage

Implementation notes

  • Uses system capability structs (__user_cap_header_struct, __user_cap_data_struct)
  • Silently ignores individual ambient capability failures (may not be available on all kernels)
  • Returns true from check_fuse() even when both SUID and unshare fail to allow non-SUID fusermount attempts
  • Constants defined for magic numbers (DEFAULT_LAST_CAP=39, UINT32_FULL_RANGE, UID_GID_MAP_BUFFER_SIZE)
Original prompt

Port unshare functionality from VHSgunzo/uruntime@ab5a4f7 into type2-runtime, then build the runtime and test whether it works with unshare.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@probonopd probonopd mentioned this pull request Nov 1, 2025
Open
Copilot AI changed the title [WIP] Port unshare functionality to type2-runtime Port unshare user/mount namespace support from uruntime Nov 1, 2025
Copilot AI requested a review from probonopd November 1, 2025 12:20
Copilot finished work on behalf of probonopd November 1, 2025 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@probonopd probonopd Awaiting requested review from probonopd

At least 1 approving review is required to merge this pull request.

Assignees

@probonopd probonopd

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@probonopd