Split this binary out from ostree

10 files changed, 949 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5af346a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Standard C/Automake goo
+.deps
+.libs
+*.typelib
+*.la
+*.lo
+*.o
+*.pyc
+*.stamp
+*~
+Makefile
+Makefile.in
+aclocal.m4
+autom4te.cache
+compile
+config.guess
+config.h
+config.h.in
+config.log
+config.status
+config.sub
+configure
+depcomp
+gtk-doc.make
+INSTALL
+install-sh
+libtool
+ltmain.sh
+missing
+stamp-h1
+ylwrap
+py-compile
+config
+m4
+po
+ABOUT-NLS
+_build
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..d60c31a
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/Makefile-docbook-man.am b/Makefile-docbook-man.am
new file mode 100644
index 0000000..4bdb501
--- /dev/null
+++ b/Makefile-docbook-man.am
@@ -0,0 +1,33 @@
+#  Docbook generation copied from systemd/Makefile.am
+#
+#  Copyright 2010 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+XML_FILES = \
+	${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}}
+EXTRA_DIST += $(XML_FILES)
+
+dist_man_MANS = $(MANPAGES)
+
+XSLTPROC_FLAGS = \
+	--nonet \
+	--param funcsynopsis.style "'ansi'"
+
+XSLTPROC_PROCESS_MAN = \
+	$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
+	$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+doc/%.1: doc/%.xml
+	$(XSLTPROC_PROCESS_MAN)
diff --git a/Makefile-stub.am b/Makefile-stub.am
new file mode 100644
index 0000000..dfce235
--- /dev/null
+++ b/Makefile-stub.am
@@ -0,0 +1,73 @@
+# Copyright (C) 2011 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
+AM_CPPFLAGS = -DDATADIR='"$(datadir)"' -DLIBEXECDIR='"$(libexecdir)"'
+AM_CFLAGS = $(WARN_CFLAGS)
+
+NULL = 
+BUILT_SOURCES =
+MANPAGES =
+CLEANFILES =
+EXTRA_DIST =
+bin_PROGRAMS =
+bin_SCRIPTS =
+libexec_PROGRAMS =
+noinst_LTLIBRARIES =
+noinst_PROGRAMS =
+privlibdir = $(pkglibdir)
+privlib_LTLIBRARIES =
+
+#  Docbook generation copied from systemd/Makefile.am
+#
+#  Copyright 2010 Lennart Poettering
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+XML_FILES = \
+	${patsubst %.1,%.xml,${patsubst %.3,%.xml,${patsubst %.5,%.xml,${patsubst %.7,%.xml,${patsubst %.8,%.xml,$(MANPAGES)}}}}}
+EXTRA_DIST += $(XML_FILES)
+
+if HAVE_XSLTPROC
+
+dist_man_MANS = $(MANPAGES)
+
+XSLTPROC_FLAGS = \
+	--nonet \
+	--param funcsynopsis.style "'ansi'"
+
+XSLTPROC_PROCESS_MAN = \
+	$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
+	$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+doc/%.1: doc/%.xml
+	$(XSLTPROC_PROCESS_MAN)
+
+endif
+
+
diff --git a/Makefile-user-chroot.am b/Makefile-user-chroot.am
new file mode 100644
index 0000000..5d29a2c
--- /dev/null
+++ b/Makefile-user-chroot.am
@@ -0,0 +1,22 @@
+# Copyright (C) 2011 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+bin_PROGRAMS += linux-user-chroot
+
+linux_user_chroot_SOURCES = src/linux-user-chroot.c
+
+linux_user_chroot_CFLAGS = $(AM_CFLAGS)
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..af22885
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,22 @@
+# Copyright (C) 2011 Colin Walters <walters@verbum.org>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+include Makefile-stub.am
+include Makefile-user-chroot.am
+if HAVE_XSLTPROC
+include Makefile-docbook-man.am
+endif
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..6035bc0
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+test -n "$srcdir" || srcdir=`dirname "$0"`
+test -n "$srcdir" || srcdir=.
+
+olddir=`pwd`
+cd $srcdir
+
+AUTORECONF=`which autoreconf`
+if test -z $AUTORECONF; then
+        echo "*** No autoreconf found, please intall it ***"
+        exit 1
+fi
+
+mkdir -p m4
+
+autoreconf --force --install --verbose
+
+cd $olddir
+test -n "$NOCONFIGURE" || "$srcdir/configure" "$@"
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..0161e60
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,31 @@
+AC_PREREQ([2.63])
+AC_INIT([linux-user-chroot], [0], [walters@verbum.org])
+AC_CONFIG_HEADER([config.h])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_AUX_DIR([build-aux])
+
+AM_INIT_AUTOMAKE([1.11 -Wno-portability foreign no-define tar-ustar no-dist-gzip dist-xz])
+AM_MAINTAINER_MODE([enable])
+AM_SILENT_RULES([yes])
+
+AC_PROG_CC
+AM_PROG_CC_C_O
+
+changequote(,)dnl
+if test "x$GCC" = "xyes"; then
+  WARN_CFLAGS="-Wall -Werror=missing-prototypes"
+fi
+changequote([,])dnl
+AC_SUBST(WARN_CFLAGS)
+
+# Initialize libtool
+LT_PREREQ([2.2.4])
+LT_INIT([disable-static])
+
+AC_PATH_PROG([XSLTPROC], [xsltproc])
+AM_CONDITIONAL(HAVE_XSLTPROC, test x"$XSLTPROC" != x)
+
+AC_CONFIG_FILES([
+Makefile
+])
+AC_OUTPUT
diff --git a/linux-user-chroot.doap b/linux-user-chroot.doap
new file mode 100644
index 0000000..aa776b2
--- /dev/null
+++ b/linux-user-chroot.doap
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Project xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
+         xmlns:foaf="http://xmlns.com/foaf/0.1/"
+         xmlns:gnome="http://api.gnome.org/doap-extensions#"
+         xmlns="http://usefulinc.com/ns/doap#">
+
+  <name>linux-user-chroot</name>
+
+  <shortdesc xml:lang="en">setuid helper for making bind mounts and chrooting</shortdesc>
+
+  <homepage rdf:resource="http://live.gnome.org/GnomeOS/Building" />
+  <license rdf:resource="http://usefulinc.com/doap/licenses/gpl" />
+
+  <programming-language>C</programming-language>
+
+  <maintainer>
+    <foaf:Person>
+      <foaf:name>Colin Walters</foaf:name>
+      <foaf:mbox rdf:resource="mailto:walters@verbum.org"/>
+      <gnome:userid>walters</gnome:userid>
+    </foaf:Person>
+  </maintainer>
+
+</Project>
diff --git a/src/linux-user-chroot.c b/src/linux-user-chroot.c
new file mode 100644
index 0000000..e9ceaa0
--- /dev/null
+++ b/src/linux-user-chroot.c
@@ -0,0 +1,346 @@
+/* -*- mode: c; tab-width: 2; indent-tabs-mode: nil -*-
+ *
+ * linux-user-chroot: A setuid program that allows non-root users to safely chroot(2)
+ *
+ * "safely": I believe that this program, when deployed as setuid on a
+ * typical "distribution" such as RHEL or Debian, does not, even when
+ * used in combination with typical software installed on that
+ * distribution, allow privilege escalation.
+ *
+ * Copyright 2011,2012 Colin Walters <walters@verbum.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it would be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <string.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/prctl.h>
+#include <sys/mount.h>
+#include <sys/syscall.h>
+#include <sys/wait.h>
+#include <linux/securebits.h>
+#include <sched.h>
+
+static void fatal (const char *message, ...) __attribute__ ((noreturn)) __attribute__ ((format (printf, 1, 2)));
+static void fatal_errno (const char *message) __attribute__ ((noreturn));
+
+static void
+fatal (const char *fmt,
+       ...)
+{
+  va_list args;
+  
+  va_start (args, fmt);
+
+  vfprintf (stderr, fmt, args);
+  putc ('\n', stderr);
+  
+  va_end (args);
+  exit (1);
+}
+
+static void
+fatal_errno (const char *message)
+{
+  perror (message);
+  exit (1);
+}
+
+typedef enum {
+  MOUNT_SPEC_BIND,
+  MOUNT_SPEC_READONLY,
+  MOUNT_SPEC_PROCFS
+} MountSpecType;
+
+typedef struct _MountSpec MountSpec;
+struct _MountSpec {
+  MountSpecType type;
+
+  const char *source;
+  const char *dest;
+  
+  MountSpec *next;
+};
+
+static MountSpec *
+reverse_mount_list (MountSpec *mount)
+{
+  MountSpec *prev = NULL;
+
+  while (mount)
+    {
+      MountSpec *next = mount->next;
+      mount->next = prev;
+      prev = mount;
+      mount = next;
+    }
+
+  return prev;
+}
+
+int
+main (int      argc,
+      char   **argv)
+{
+  const char *argv0;
+  const char *chroot_dir;
+  const char *program;
+  uid_t ruid, euid, suid;
+  gid_t rgid, egid, sgid;
+  int after_mount_arg_index;
+  unsigned int n_mounts = 0;
+  const unsigned int max_mounts = 50; /* Totally arbitrary... */
+  char **program_argv;
+  MountSpec *bind_mounts = NULL;
+  MountSpec *bind_mount_iter;
+  int unshare_ipc = 0;
+  int unshare_net = 0;
+  int unshare_pid = 0;
+  int clone_flags = 0;
+  int child_status = 0;
+  pid_t child;
+
+  if (argc <= 0)
+    return 1;
+
+  argv0 = argv[0];
+  argc--;
+  argv++;
+
+  if (argc < 1)
+    fatal ("ROOTDIR argument must be specified");
+
+  after_mount_arg_index = 0;
+  while (after_mount_arg_index < argc)
+    {
+      const char *arg = argv[after_mount_arg_index];
+      MountSpec *mount = NULL;
+
+      if (n_mounts >= max_mounts)
+        fatal ("Too many mounts (maximum of %u)", n_mounts);
+      n_mounts++;
+
+      if (strcmp (arg, "--mount-bind") == 0)
+        {
+          if ((argc - after_mount_arg_index) < 3)
+            fatal ("--mount-bind takes two arguments");
+
+          mount = malloc (sizeof (MountSpec));
+          mount->type = MOUNT_SPEC_BIND;
+          mount->source = argv[after_mount_arg_index+1];
+          mount->dest = argv[after_mount_arg_index+2];
+          mount->next = bind_mounts;
+          
+          bind_mounts = mount;
+          after_mount_arg_index += 3;
+        }
+      else if (strcmp (arg, "--mount-readonly") == 0)
+        {
+          MountSpec *mount;
+
+          if ((argc - after_mount_arg_index) < 2)
+            fatal ("--mount-readonly takes one argument");
+
+          mount = malloc (sizeof (MountSpec));
+          mount->type = MOUNT_SPEC_READONLY;
+          mount->source = NULL;
+          mount->dest = argv[after_mount_arg_index+1];
+          mount->next = bind_mounts;
+          
+          bind_mounts = mount;
+          after_mount_arg_index += 2;
+        }
+      else if (strcmp (arg, "--mount-proc") == 0)
+        {
+          MountSpec *mount;
+
+          if ((argc - after_mount_arg_index) < 2)
+            fatal ("--mount-proc takes one argument");
+
+          mount = malloc (sizeof (MountSpec));
+          mount->type = MOUNT_SPEC_PROCFS;
+          mount->source = NULL;
+          mount->dest = argv[after_mount_arg_index+1];
+          mount->next = bind_mounts;
+          
+          bind_mounts = mount;
+          after_mount_arg_index += 2;
+        }
+      else if (strcmp (arg, "--unshare-ipc") == 0)
+        {
+          unshare_ipc = 1;
+          after_mount_arg_index += 1;
+        }
+      else if (strcmp (arg, "--unshare-pid") == 0)
+        {
+          unshare_pid = 1;
+          after_mount_arg_index += 1;
+        }
+      else if (strcmp (arg, "--unshare-net") == 0)
+        {
+          unshare_net = 1;
+          after_mount_arg_index += 1;
+        }
+      else
+        break;
+    }
+        
+  bind_mounts = reverse_mount_list (bind_mounts);
+
+  if ((argc - after_mount_arg_index) < 2)
+    fatal ("usage: %s [--unshare-ipc] [--unshare-pid] [--unshare-net] [--mount-proc DIR] [--mount-readonly DIR] [--mount-bind SOURCE DEST] ROOTDIR PROGRAM ARGS...", argv0);
+  chroot_dir = argv[after_mount_arg_index];
+  program = argv[after_mount_arg_index+1];
+  program_argv = argv + after_mount_arg_index + 1;
+
+  if (getresgid (&rgid, &egid, &sgid) < 0)
+    fatal_errno ("getresgid");
+  if (getresuid (&ruid, &euid, &suid) < 0)
+    fatal_errno ("getresuid");
+
+  if (ruid == 0)
+    fatal ("error: ruid is 0");
+  if (rgid == 0)
+    rgid = ruid;
+
+  /* CLONE_NEWNS makes it so that when we create bind mounts below,
+   * we're only affecting our children, not the entire system.  This
+   * way it's harmless to bind mount e.g. /proc over an arbitrary
+   * directory.
+   */
+  clone_flags = SIGCHLD | CLONE_NEWNS;
+  /* CLONE_NEWIPC and CLONE_NEWUTS are avenues of communication that
+   * might leak outside the container; any IPC can be done by setting
+   * up a bind mount and using files or sockets there, if desired.
+   */
+  if (unshare_ipc)
+    clone_flags |= (CLONE_NEWIPC | CLONE_NEWUTS);
+  /* CLONE_NEWPID helps ensure random build or test scripts don't kill
+   * processes outside of the container.
+   */
+  if (unshare_pid)
+    clone_flags |= CLONE_NEWPID;
+
+  /* Isolated networking */
+  if (unshare_net)
+    clone_flags |= CLONE_NEWNET;
+
+  if ((child = syscall (__NR_clone, clone_flags, NULL)) < 0)
+    perror ("clone");
+
+  if (child == 0)
+    {
+      /*
+       * SECBIT_NOROOT helps close the main historical reason why only
+       * uid 0 can chroot(2) - because unprivileged users can create
+       * hard links to setuid binaries, and possibly confuse them into
+       * looking at data (or loading libraries) that they don't
+       * expect, and thus elevating privileges.  With this, executing
+       * a setuid program doesn't gain us any new Linux capabilities
+       * (but it still changes uid).  See below for where we create a
+       * MS_NOSUID bind mount.
+       */
+      if (prctl (PR_SET_SECUREBITS,
+                 SECBIT_NOROOT | SECBIT_NOROOT_LOCKED) < 0)
+        fatal_errno ("prctl (SECBIT_NOROOT)");
+
+      /* This is necessary to undo the damage "sandbox" creates on Fedora
+       * by making / a shared mount instead of private.  This isn't
+       * totally correct because the targets for our bind mounts may still
+       * be shared, but really, Fedora's sandbox is broken.
+       */
+      if (mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL) < 0)
+        fatal_errno ("mount(/, MS_PRIVATE | MS_REC)");
+
+      /* I had thought that SECBIT_NOROOT was enough to be safe, but Serge E. Hallyn
+       * pointed out that setuid binaries still change uid to 0.  So let's just
+       * disallow them at the rootfs level.
+       */
+      if (mount (NULL, "/", "none", MS_PRIVATE | MS_REMOUNT | MS_NOSUID, NULL) < 0)
+        fatal_errno ("mount(/, MS_PRIVATE | MS_REC | MS_NOSUID)");
+
+      /* Now let's set up our bind mounts */
+      for (bind_mount_iter = bind_mounts; bind_mount_iter; bind_mount_iter = bind_mount_iter->next)
+        {
+          char *dest;
+          
+          asprintf (&dest, "%s%s", chroot_dir, bind_mount_iter->dest);
+          
+          if (bind_mount_iter->type == MOUNT_SPEC_READONLY)
+            {
+              if (mount (dest, dest,
+                         NULL, MS_BIND | MS_PRIVATE, NULL) < 0)
+                fatal_errno ("mount (MS_BIND)");
+              if (mount (dest, dest,
+                         NULL, MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, NULL) < 0)
+                fatal_errno ("mount (MS_BIND | MS_RDONLY)");
+            }
+          else if (bind_mount_iter->type == MOUNT_SPEC_BIND)
+            {
+              if (mount (bind_mount_iter->source, dest,
+                         NULL, MS_BIND | MS_PRIVATE, NULL) < 0)
+                fatal_errno ("mount (MS_BIND)");
+            }
+          else if (bind_mount_iter->type == MOUNT_SPEC_PROCFS)
+            {
+              if (mount ("proc", dest,
+                         "proc", MS_MGC_VAL | MS_PRIVATE, NULL) < 0)
+                fatal_errno ("mount (\"proc\")");
+            }
+          else
+            assert (0);
+          free (dest);
+        }
+      
+      /* Actually perform the chroot. */
+      if (chroot (chroot_dir) < 0)
+        fatal_errno ("chroot");
+      if (chdir ("/") < 0)
+        fatal_errno ("chdir");
+
+      /* Switch back to the uid of our invoking process.  These calls are
+       * irrevocable - see setuid(2) */
+      if (setgid (rgid) < 0)
+        fatal_errno ("setgid");
+      if (setuid (ruid) < 0)
+        fatal_errno ("setuid");
+
+      if (execv (program, program_argv) < 0)
+        fatal_errno ("execv");
+    }
+
+  /* Let's also setuid back in the parent - there's no reason to stay uid 0, and
+   * it's just better to drop privileges. */
+  if (setgid (rgid) < 0)
+    fatal_errno ("setgid");
+  if (setuid (ruid) < 0)
+    fatal_errno ("setuid");
+
+  /* Kind of lame to sit around blocked in waitpid, but oh well. */
+  if (waitpid (child, &child_status, 0) < 0)
+    fatal_errno ("waitpid");
+  
+  if (WIFEXITED (child_status))
+    return WEXITSTATUS (child_status);
+  else
+    return 1;
+}