Herein lies a guide to setting up a union sandbox for development purposes using unionfs-fuse. This is the quickest, dirtiest way to perform operations in a sandbox which will not affect the base system. All writes end up in a single directory which can be cleaned between uses. With debugging enabled one can see every write that takes place in the sandbox, thus allowing for a more fine-grained look at the effects of an application on a system.
Note that unionfs-fuse is not as production-ready as a kernel-mode unionfs (aufs is an alternative), but this method does not require kernel patching. Also note that this setup may produce unexpected results when used on a "root" filesystem.
Also note that this guide is for a basic 'chroot' environment. The process table and devices are shared with the host system, so anything done by a process could kill the host system's processes or damage hardware. Always use caution when in a chroot environment. A safer method is replicating the sandbox in a LiveDVD with writes going to a tmpfs filesystem. The image could be booted from VMware to speed development.
Unfortunately it seems like the current unionfs-fuse does not handle files which need to be mmap()'d. A kernel solution may be a better long-term fix, but for the short term there is a workaround included below.
- installing unionfs-fuse
# Make sure kernel-* is not excluded from yum.conf
yum -y install kernel-devel dkms dkms-fuse fuse fuse-devel
yum -y install fuse-unionfs
- cloning a build box
# Run from inside the sandbox directory, which becomes the RO branch of the union.
# /proc, /sys, /tmp and /root are recreated empty rather than copied from the host.
rsync --progress -a /.autofsck /.autorelabel /.bash_history /bin /boot /dev /etc \
/home /lib /lib64 /mnt /opt /sbin /selinux /srv /usr /var .
mkdir proc sys tmp spln root
chmod 1777 tmp
- setting up the unionfs
# From the parent of the sandbox directory: writes/ is the RW branch that collects
# every change, sandbox/ is the RO base, mount/ is the merged view to chroot into.
# cow = copy-on-write into the RW branch; use_ino = keep inode numbers stable;
# allow_other = the mount is visible to users other than the one who mounted it.
mkdir writes mount
unionfs -o cow -o noinitgroups -o default_permissions -o allow_other -o use_ino \
-o nonempty `pwd`/writes=RW:`pwd`/sandbox=RO `pwd`/mount
- using the sandbox
mount -o bind /proc `pwd`/mount/proc
mount -o bind /sys `pwd`/mount/sys
mount -o bind /dev `pwd`/mount/dev
mount -t devpts none `pwd`/mount/dev/pts
mount -t tmpfs none `pwd`/mount/dev/shm
chroot `pwd`/mount /bin/bash --login
- handling mmap()'d files
# Bind-mount the rpm database directly (outside the union) so rpm can mmap() it.
# Changes made there land in mmap-writes/, not in writes/, so inspect both.
mkdir mmap-writes
cp -a --parents sandbox/var/lib/rpm mmap-writes/
mount -o bind `pwd`/mmap-writes/sandbox/var/lib/rpm `pwd`/mount/var/lib/rpm
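As an added example (not part of the original guide), a small POSIX shell script that turns the writes directory into the per-run report the introduction describes and resets it between uses. The whiteout naming it relies on (".unionfs/<path>_HIDDEN~" in the RW branch) is an assumption about unionfs-fuse's cow mode; the sample tree it builds is constructed, not captured from a real run.

```shell
#!/bin/sh
# Added example, not part of the original guide: list what a sandboxed run changed
# in the RW branch (writes/), then wipe it for the next run. Assumes unionfs-fuse
# records deletions as whiteouts ".unionfs/<path>_HIDDEN~" inside the RW branch.

# report_writes WRITES_DIR [LOWER_DIR]
# One line per effect: MOD if the file also exists in the RO branch, ADD if not,
# DEL for each whiteout (a file the sandboxed process removed).
report_writes() {
    writes=$1 lower=${2:-}
    ( cd "$writes" && find . -path ./.unionfs -prune -o -type f -print ) |
        sed 's|^\./||' | sort | while IFS= read -r f; do
            if [ -n "$lower" ] && [ -e "$lower/$f" ]; then echo "MOD /$f"; else echo "ADD /$f"; fi
        done
    [ -d "$writes/.unionfs" ] || return 0
    ( cd "$writes/.unionfs" && find . -name '*_HIDDEN~' -print ) |
        sed 's|^\./||; s|_HIDDEN~$||' | sort | while IFS= read -r f; do echo "DEL /$f"; done
}

# reset_writes WRITES_DIR MOUNT_DIR
# Empties the RW branch between runs; refuses while the union is still mounted
# (reads /proc/mounts, so the check is Linux-specific).
reset_writes() {
    writes=$1 mnt=$2
    if [ -r /proc/mounts ] && grep -qF " $mnt " /proc/mounts; then
        echo "reset_writes: $mnt is still mounted; run fusermount -u first" >&2
        return 1
    fi
    find "$writes" -mindepth 1 -delete
}

# Constructed sample RW branch standing in for a real run (not captured data).
make_sample() {
    base=$1
    mkdir -p "$base/lower/etc" "$base/writes/etc" "$base/writes/var/log" "$base/writes/.unionfs/etc"
    echo old >"$base/lower/etc/hosts"            # exists in the RO branch ...
    echo changed >"$base/writes/etc/hosts"       # ... and was rewritten: MOD
    echo trace >"$base/writes/var/log/app.log"   # new file: ADD
    : >"$base/writes/.unionfs/etc/motd_HIDDEN~"  # /etc/motd was deleted: DEL
}

demo=$(mktemp -d) && make_sample "$demo"
report_writes "$demo/writes" "$demo/lower"   # MOD /etc/hosts, ADD /var/log/app.log, DEL /etc/motd
rm -rf "$demo"
```

Run it after `fusermount -u mount` and before the next chroot session; the report covers only writes/, so the bind-mounted rpm database under mmap-writes/ has to be diffed separately.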