diff options
| author | Richard Maw <richard.maw@codethink.co.uk> | 2014-10-24 14:36:18 +0000 |
|---|---|---|
| committer | Richard Maw <richard.maw@codethink.co.uk> | 2014-10-24 14:36:18 +0000 |
| commit | 1d6451363c92ec5466b01b5ba2fd327066343ab4 (patch) | |
| tree | 7f4ba158e8061678cfecff8fd04ee1d2e3cff61a /morphlib/extensions.py | |
| parent | 0ed18258e2fa760eae780fee741bb95eeb467bc4 (diff) | |
| parent | 595c92f65deb02e56414d80a7cfe8cfde508ca4d (diff) | |
| download | morph-1d6451363c92ec5466b01b5ba2fd327066343ab4.tar.gz | |
Merge branch 'baserock/richardmaw/parallelism-improvements'
This stripped out the commit from the patch series on the mailing list
to remove /dev/shm.
Reviewed-by: Sam Thursfield
Reviewed-by: Daniel Silverstone
Diffstat (limited to 'morphlib/extensions.py')
| -rw-r--r-- | morphlib/extensions.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/morphlib/extensions.py b/morphlib/extensions.py index af6ba279..6b81e116 100644 --- a/morphlib/extensions.py +++ b/morphlib/extensions.py @@ -223,7 +223,11 @@ class ExtensionSubprocess(object): def close_read_end(): os.close(log_read_fd) p = subprocess.Popen( - [filename] + args, cwd=cwd, env=new_env, + # We unshare and mount --make-rprivate so mounts done by write + # extensions can't interfere with the rest of the system. + ['unshare', '-m', '--', '/bin/sh', '-c', + 'mount --make-rprivate / && exec "$@"', '-', filename] + args, + cwd=cwd, env=new_env, stdout=subprocess.PIPE, stderr=subprocess.PIPE, preexec_fn=close_read_end) os.close(log_write_fd) |