cancer0 8 2024-07-25 cancer manual

NAME

cancer0 - semi-chroot for executing bloatware

SYNOPSIS

cancer0 [options] -- bloatware [args]

DESCRIPTION

cancer0 is a program that creates a new chroot-like environment using Linux namespaces and executes a process, typically an unprivileged one, within that environment.

The intention is to install a modern Linux distribution in a chroot directory and then execute bloatware from that installation on the host system, so that the bloatware picks up shared libraries and data files from the chroot but otherwise fully integrates into the host system's environment.

Regardless of the order in which the config options are given on the command line, cancer0 always executes them in this sequence:

 1. create a child process
 2. make mounts (-m)
 3. set environment variables (-e)
 4. execute root commands (-C)
 5. switch group, including supplementary groups (-g)
 6. switch user (-u)
 7. change dir (-c)
 8. execute bloatware
 9. wait for bloatware to exit

Steps 2 to 4 still run with the privileges cancer0 was started with; in particular a -C command runs as root inside the already over-mounted tree. The group switch has to precede the user switch: once the effective UID is unprivileged, setgroups(2) and setgid(2) are no longer permitted.

A new mount namespace is always created. This namespace starts with a copy of the caller's mount tree. Directories can then be over-mounted using the -m argument. A typical use case is -m /opt/debian/usr /usr, which replaces /usr in the new environment with /opt/debian/usr (in the style of mount -o bind). Since this mount happens within the namespace created for the new environment, it is not listed in the host system's mount table. This isolation holds only while the mounts in the new namespace are private: with shared propagation (the default for / on systemd hosts) a bind mount made in the new namespace propagates back to the host, so check the propagation flags in /proc/self/mountinfo if host mounts change unexpectedly.
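The following C program is an added example, not cancer0's own source (which this page does not show). It re-implements the fixed execution sequence above and the mount-namespace behaviour just described: options are collected in any order into a hypothetical struct plan, then applied in the documented order (mounts, environment, root commands, groups, user, chdir, exec) in a child created directly inside the new namespaces. The -v option is omitted, the MAX_ITEMS limit and all function names are assumptions, and the explicit MS_REC|MS_PRIVATE remount of / is the safeguard against bind mounts propagating back to the host.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWCGROUP
#define CLONE_NEWCGROUP 0x02000000   /* older headers lack it; value from <linux/sched.h> */
#endif
#define MAX_ITEMS 16                 /* assumed limit, not from cancer0 */

/* Everything gathered from the command line, applied later in cancer0's fixed order (hypothetical layout). */
struct plan {
    const char *mount_src[MAX_ITEMS], *mount_dst[MAX_ITEMS]; int nmounts; /* -m */
    const char *env_name[MAX_ITEMS], *env_val[MAX_ITEMS];   int nenv;    /* -e */
    const char *root_cmd[MAX_ITEMS];                         int ncmds;   /* -C */
    gid_t gids[MAX_ITEMS];                                   int ngids;   /* -g, gids[0] is the primary group */
    int have_uid; uid_t uid;                                              /* -u */
    const char *chdir_to;                                                 /* -c */
    int ns_flags;                                                         /* -n */
    char **argv;                                                          /* bloatware + args */
};

static int ns_flag(const char *type) {
    if (!strcmp(type, "uts"))    return CLONE_NEWUTS;
    if (!strcmp(type, "pid"))    return CLONE_NEWPID;
    if (!strcmp(type, "ipc"))    return CLONE_NEWIPC;
    if (!strcmp(type, "net"))    return CLONE_NEWNET;
    if (!strcmp(type, "cgroup")) return CLONE_NEWCGROUP;
    return 0;
}

/* Collect options in whatever order they appear; returns 0, or -1 if the command line is malformed. */
int parse_plan(int argc, char **argv, struct plan *p) {
    memset(p, 0, sizeof *p);
    int i = 1;
    while (i < argc && strcmp(argv[i], "--") != 0) {
        const char *o = argv[i];
        int left = argc - i - 1;                    /* arguments following o */
        if (!strcmp(o, "-m") && left >= 2 && p->nmounts < MAX_ITEMS) {
            p->mount_src[p->nmounts] = argv[i + 1];
            p->mount_dst[p->nmounts++] = argv[i + 2]; i += 3;
        } else if (!strcmp(o, "-e") && left >= 2 && p->nenv < MAX_ITEMS) {
            p->env_name[p->nenv] = argv[i + 1];
            p->env_val[p->nenv++] = argv[i + 2]; i += 3;
        } else if (!strcmp(o, "-C") && left >= 1 && p->ncmds < MAX_ITEMS) {
            p->root_cmd[p->ncmds++] = argv[i + 1]; i += 2;
        } else if (!strcmp(o, "-g") && left >= 1 && p->ngids < MAX_ITEMS) {
            p->gids[p->ngids++] = (gid_t)strtoul(argv[i + 1], NULL, 10); i += 2;
        } else if (!strcmp(o, "-u") && left >= 1) {
            p->have_uid = 1; p->uid = (uid_t)strtoul(argv[i + 1], NULL, 10); i += 2;
        } else if (!strcmp(o, "-c") && left >= 1) {
            p->chdir_to = argv[i + 1]; i += 2;
        } else if (!strcmp(o, "-n") && left >= 1 && ns_flag(argv[i + 1])) {
            p->ns_flags |= ns_flag(argv[i + 1]); i += 2;
        } else {
            return -1;
        }
    }
    if (i + 1 >= argc) return -1;                   /* "--" followed by bloatware is mandatory */
    p->argv = argv + i + 1;
    return 0;
}

/* Child side, already inside the new namespaces: steps 2 to 8. */
static int child_entry(void *arg) {
    const struct plan *p = arg;
    /* 2. mounts. Make the inherited tree private first: under shared propagation a bind mount made here would also appear on the host. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) { perror("make-rprivate"); return 127; }
    for (int i = 0; i < p->nmounts; i++)
        if (mount(p->mount_src[i], p->mount_dst[i], NULL, MS_BIND, NULL) < 0) { perror(p->mount_dst[i]); return 127; }
    /* 3. environment */
    for (int i = 0; i < p->nenv; i++) setenv(p->env_name[i], p->env_val[i], 1);
    /* 4. root commands, run while still privileged */
    for (int i = 0; i < p->ncmds; i++)
        if (system(p->root_cmd[i]) != 0) { fprintf(stderr, "-C failed: %s\n", p->root_cmd[i]); return 127; }
    /* 5. groups, then 6. user: setgroups()/setgid() need CAP_SETGID, which setuid() to an unprivileged uid drops. */
    if (p->ngids > 0 && (setgroups((size_t)p->ngids, p->gids) < 0 || setgid(p->gids[0]) < 0)) { perror("setgid"); return 127; }
    if (p->have_uid && setuid(p->uid) < 0) { perror("setuid"); return 127; }
    /* 7. chdir after the mounts, so the path resolves inside the over-mounted tree */
    if (p->chdir_to && chdir(p->chdir_to) < 0) { perror("chdir"); return 127; }
    /* 8. exec the bloatware */
    execvp(p->argv[0], p->argv);
    perror("execvp");
    return 127;
}

/* 1. create the child directly inside the new namespaces (needs CAP_SYS_ADMIN); 9. wait for it. */
int run_plan(const struct plan *p) {
    static char stack[64 * 1024];
    pid_t pid = clone(child_entry, stack + sizeof stack, SIGCHLD | CLONE_NEWNS | p->ns_flags, (void *)p);
    if (pid < 0) { perror("clone"); return 127; }
    int status;
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return 127; }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(int argc, char **argv) {
    struct plan p;
    if (parse_plan(argc, argv, &p) < 0) { fprintf(stderr, "usage: %s [options] -- bloatware [args]\n", argv[0]); return 2; }
    return run_plan(&p);
}
```

Only parse_plan can be exercised without privileges; run_plan needs CAP_SYS_ADMIN for the CLONE_NEW* flags and the bind mounts, and with -n pid the clone() puts the bloatware at PID 1 of the new namespace, as the page states. Whatever the option order on the command line, child_entry applies the plan in the documented sequence.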

OPTIONS

-v
    increase verbosity (trace messages are printed to stderr)

-u UID
    switch user to the integer UID; if not specified, no user switch is performed (except in cancer, where in that case the user is switched back to the unprivileged user who invoked cancer)

-g GID
    for the first -g: switch group to the integer GID (the primary group); for each subsequent -g: add another supplementary group; if no -g is specified, no group switch is performed

-n type
    create a new namespace of type, which is one of:
        uts     hostname and NIS domain name
        pid     PID (bloatware will have PID 1 in the new namespace)
        ipc     System V IPC, POSIX message queues
        net     network devices, protocol stacks
        cgroup  control groups

-c path
    change directory to path before executing bloatware; the path is interpreted within the new environment, i.e. with all -m mounts in effect; if not specified, the working directory is not changed

-C cmd
    execute cmd as root within the new environment before executing bloatware; this happens after all mounts and environment variables have been set up, but before switching group and user. Useful for setting up networking in case of -n net.

-e name value
    export the environment variable name with the value value into the new environment

-m src target
    create a bind mount within the new environment; same as mount -o bind src target

SEE ALSO
