Use bubblewrap (https://github.com/projectatomic/bubblewrap) instead of proot.

awx/main/utils.py

@@ -538,7 +538,7 @@ def check_proot_installed():
     Check that proot is installed.
     '''
     from django.conf import settings
-    cmd = [getattr(settings, 'AWX_PROOT_CMD', 'proot'), '--version']
+    cmd = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--version']
     try:
         proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
@@ -566,8 +566,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
      - /tmp (except for own tmp files)
     '''
     from django.conf import settings
-    new_args = [getattr(settings, 'AWX_PROOT_CMD', 'proot'), '-v',
-                str(getattr(settings, 'AWX_PROOT_VERBOSITY', '0')), '-r', '/']
+    new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--dev-bind', '/', '/']
     hide_paths = ['/etc/tower', '/var/lib/awx', '/var/log',
                   tempfile.gettempdir(), settings.PROJECTS_ROOT,
                   settings.JOBOUTPUT_ROOT]
@@ -582,7 +581,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
             handle, new_path = tempfile.mkstemp(dir=kwargs['proot_temp_dir'])
             os.close(handle)
             os.chmod(new_path, stat.S_IRUSR | stat.S_IWUSR)
-        new_args.extend(['-b', '%s:%s' % (new_path, path)])
+        new_args.extend(['--bind', '%s' %(new_path,), '%s' % (path,)])
     if 'private_data_dir' in kwargs:
         show_paths = [cwd, kwargs['private_data_dir']]
     else:
@@ -595,8 +594,8 @@ def wrap_args_with_proot(args, cwd, **kwargs):
     for path in sorted(set(show_paths)):
         if not os.path.exists(path):
             continue
-        new_args.extend(['-b', '%s:%s' % (path, path)])
-    new_args.extend(['-w', cwd])
+        new_args.extend(['--bind', '%s' % (path,), '%s' % (path,)])
+    new_args.extend(['--chdir', cwd])
     new_args.extend(args)
     return new_args
 

awx/settings/defaults.py

@@ -495,25 +495,25 @@ JOB_EVENT_MAX_QUEUE_SIZE = 100
 # Flag to enable/disable updating hosts M2M when saving job events.
 CAPTURE_JOB_EVENT_HOSTS = False
 
-# Enable proot support for running jobs (playbook runs only).
+# Enable bubblewrap support for running jobs (playbook runs only).
 # Note: This setting may be overridden by database settings.
 AWX_PROOT_ENABLED = False
 
-# Command/path to proot.
-AWX_PROOT_CMD = 'proot'
+# Command/path to bubblewrap.
+AWX_PROOT_CMD = 'bwrap'
 
-# Additional paths to hide from jobs using proot.
+# Additional paths to hide from jobs using bubblewrap.
 # Note: This setting may be overridden by database settings.
 AWX_PROOT_HIDE_PATHS = []
 
-# Additional paths to show for jobs using proot.
+# Additional paths to show for jobs using bubbelwrap.
 # Note: This setting may be overridden by database settings.
 AWX_PROOT_SHOW_PATHS = []
 
 # Number of jobs to show as part of the job template history
 AWX_JOB_TEMPLATE_HISTORY = 10
 
-# The directory in which proot will create new temporary directories for its root
+# The directory in which bubblewrap will create new temporary directories for its root
 # Note: This setting may be overridden by database settings.
 AWX_PROOT_BASE_PATH = "/tmp"