blob: a4ab6725d918b39331068fbd38760083065250e9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
#![cfg(target_os = "linux")]
use nix::unistd::geteuid;
use tokio::process::Command;
/// Re-launch self with rootlesskit if we're not root.
/// Allows for rootless and containerized networking.
/// The VNC port is published to localhost.
pub async fn relaunch_with_rootlesskit(vnc_port: Option<u16>) {
// check if user is root (`man getuid`).
if geteuid().is_root() {
return;
}
let mut cmd = Command::new("rootlesskit");
cmd.args([
"--net",
"slirp4netns",
"--ipv6",
// A higher MTU breaks IPv6
"--mtu",
"1500",
"--copy-up=/etc",
]);
if let Some(port) = vnc_port {
log::debug!("VNC port: {port} -> 5901/tcp");
cmd.args([
"--port-driver",
"slirp4netns",
"-p",
&format!("127.0.0.1:{port}:5901/tcp"),
]);
} else {
cmd.arg("--disable-host-loopback");
}
cmd.args(std::env::args());
let status = cmd.status().await.unwrap_or_else(|e| {
panic!("failed to execute [{cmd:?}]: {e}");
});
std::process::exit(status.code().unwrap_or(1));
}
|
