Skip to content

Port unshare user/mount namespace support from uruntime#137

Draft
Copilot wants to merge 4 commits intomainfrom
copilot/port-unshare-functionality
Draft

Port unshare user/mount namespace support from uruntime#137
Copilot wants to merge 4 commits intomainfrom
copilot/port-unshare-functionality

Conversation

Copy link

Copilot AI commented Nov 1, 2025
edited
Loading

Implements automatic fallback to user+mount namespaces when SUID fusermount is unavailable, based on uruntime's implementation.

Changes

Core namespace handling

  • try_unshare() - Creates CLONE_NEWUSER | CLONE_NEWNS with configurable UID/GID mapping
  • restore_capabilities() - Restores capabilities via capget/capset syscalls after namespace entry
  • try_make_mount_private() - Applies MS_REC | MS_PRIVATE to prevent mount leaks
  • is_in_user_and_mount_namespace() - Detects existing namespace via /proc/self/uid_map parsing

FUSE availability enhancement

  • check_fuse() - Attempts unshare when SUID fusermount detection fails
  • is_suid_exe() - Validates setuid bit + owner root for fusermount binaries

User interface

# Explicit request
./app.AppImage --appimage-unshare

# Environment control
APPIMAGE_UNSHARE=1 ./app.AppImage
APPIMAGE_UNSHARE_ROOT=1 ./app.AppImage  # map to UID/GID 0
APPIMAGE_UNSHARE_UID=1000 APPIMAGE_UNSHARE_GID=1000 ./app.AppImage

Implementation notes

  • Uses system capability structs (__user_cap_header_struct, __user_cap_data_struct)
  • Silently ignores individual ambient capability failures (may not be available on all kernels)
  • Returns true from check_fuse() even when both SUID and unshare fail to allow non-SUID fusermount attempts
  • Constants defined for magic numbers (DEFAULT_LAST_CAP=39, UINT32_FULL_RANGE, UID_GID_MAP_BUFFER_SIZE)
Original prompt

Port unshare functionality from VHSgunzo/uruntime@ab5a4f7 into type2-runtime, then build the runtime and test whether it works with unshare.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@probonopd probonopd mentioned this pull request Nov 1, 2025
Open
Copilot AI and others added 3 commits November 1, 2025 12:02
@probonopd
Add unshare functionality - initial implementation
c94df8e 
Co-authored-by: probonopd <2480569+probonopd@users.noreply.github.com>
@probonopd
Address code review feedback - improve error handling and remove redu…
12870f4 
…ndancy

Co-authored-by: probonopd <2480569+probonopd@users.noreply.github.com>
@probonopd
Define magic numbers as constants for better code maintainability
a580f4b 
Co-authored-by: probonopd <2480569+probonopd@users.noreply.github.com>
Copilot AI changed the title [WIP] Port unshare functionality to type2-runtime Port unshare user/mount namespace support from uruntime Nov 1, 2025
Copilot AI requested a review from probonopd November 1, 2025 12:20
@TheAssassin
Copy link
Member

TheAssassin commented Nov 7, 2025

The sentence "based on uruntime's implementation" alone qualifies for a copyright review...

@probonopd
Copy link
Member

probonopd commented Nov 8, 2025
edited
Loading

uruntime is under the MIT License. Do you see any concerns with that @TheAssassin? We could always ask the author for explicit permission to apply this patch.

For me the question is also, are there any known real world use cases for which the added complexity from this code path is justified?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@probonopd probonopd Awaiting requested review from probonopd

At least 1 approving review is required to merge this pull request.

Assignees

@probonopd probonopd

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TheAssassin @probonopd