diff options
author | Thomas Coldrick <coldtom@protonmail.com> | 2020-01-17 21:18:28 +0000 |
---|---|---|
committer | Javier Jardón <jjardon@gnome.org> | 2020-04-08 15:28:58 +0000 |
commit | 4cc77eac4a1a195a52b58ceffd12e32f381ec7fc (patch) | |
tree | 98f8e6fa51d6de05815e7fd0a9637585c7177c5e | |
parent | ec4a9fe9debb1d506a739f1b65748c8b612d7a09 (diff) | |
download | buildstream-coldtom/backport-dev-shm.tar.gz |
_sandboxbwrap.py: Create /dev/shm in the sandboxcoldtom/backport-dev-shm
Create /dev/shm as a tmpfs in the sandbox. Before now access to /dev/shm
was only available by a plugin using `Sandbox.mark_directory()` or
adding to `Sandbox.DEVICES`, either of which would _mount_ /dev/shm into
the sandbox, allowing pollution from the host. This adds it as a tmpfs
by default, which seems sensible as it is required for POSIX support.
Also adds a test which makes sure that we can open a shared memory
object inside the build sandbox with some (probably poor) C code.
Backport of !1694
-rw-r--r-- | buildstream/sandbox/_sandboxbwrap.py | 10 | ||||
-rw-r--r-- | buildstream/sandbox/sandbox.py | 8 | ||||
-rw-r--r-- | tests/integration/project/elements/sandbox-bwrap/test-dev-shm.bst | 15 | ||||
-rw-r--r-- | tests/integration/project/files/test_shm.c | 28 | ||||
-rw-r--r-- | tests/integration/sandbox-bwrap.py | 10 |
5 files changed, 69 insertions, 2 deletions
diff --git a/buildstream/sandbox/_sandboxbwrap.py b/buildstream/sandbox/_sandboxbwrap.py index 450f1913f..548d27228 100644 --- a/buildstream/sandbox/_sandboxbwrap.py +++ b/buildstream/sandbox/_sandboxbwrap.py @@ -132,6 +132,12 @@ class SandboxBwrap(Sandbox): for device in self.DEVICES: bwrap_command += ['--dev-bind', device, device] + # Create a tmpfs for /dev/shm, if we're in interactive this + # is handled by `--dev /dev` + # + if flags & SandboxFlags.CREATE_DEV_SHM: + bwrap_command += ['--tmpfs', '/dev/shm'] + # Add bind mounts to any marked directories marked_directories = self._get_marked_directories() mount_source_overrides = self._get_mount_sources() @@ -173,7 +179,7 @@ class SandboxBwrap(Sandbox): # existing_basedirs = { directory: os.path.exists(os.path.join(root_directory, directory)) - for directory in ['tmp', 'dev', 'proc'] + for directory in ['dev/shm', 'tmp', 'dev', 'proc'] } # Use the MountMap context manager to ensure that any redirected @@ -213,7 +219,7 @@ class SandboxBwrap(Sandbox): # Remove /tmp, this is a bwrap owned thing we want to be sure # never ends up in an artifact - for basedir in ['tmp', 'dev', 'proc']: + for basedir in ['dev/shm', 'tmp', 'dev', 'proc']: # Skip removal of directories which already existed before # launching bwrap diff --git a/buildstream/sandbox/sandbox.py b/buildstream/sandbox/sandbox.py index 7e1e32b65..7c0ac8834 100644 --- a/buildstream/sandbox/sandbox.py +++ b/buildstream/sandbox/sandbox.py @@ -68,6 +68,14 @@ class SandboxFlags(): namespace where available. """ + CREATE_DEV_SHM = 0x10 + """Whether to create /dev/shm in the sandbox. + + This allows plugins to create /dev/shm in the sandbox. This flag + was added to fix a bug in which /dev/shm was not added in, meaning our + sandbox was not POSIX compliant. + """ + class Sandbox(): """Sandbox() diff --git a/tests/integration/project/elements/sandbox-bwrap/test-dev-shm.bst b/tests/integration/project/elements/sandbox-bwrap/test-dev-shm.bst new file mode 100644 index 000000000..b9ab5ae39 --- /dev/null +++ b/tests/integration/project/elements/sandbox-bwrap/test-dev-shm.bst @@ -0,0 +1,15 @@ +kind: manual + +depends: +- base.bst + +config: + build-comamnds: + - cc test_shm.c + + install-commands: + - ./a.out + +sources: +- kind: local + path: files/test_shm.c diff --git a/tests/integration/project/files/test_shm.c b/tests/integration/project/files/test_shm.c new file mode 100644 index 000000000..9d9dcea84 --- /dev/null +++ b/tests/integration/project/files/test_shm.c @@ -0,0 +1,28 @@ +#include <errno.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <fnctl.h> + +int main () +{ + int fd = shm_open ("/foo", O_RDONLY | O_CREAT, S_IRWXU); + if (fd > 0) + { + fprintf (stderr, "Failed to open shm: %s\n", strerror (errno)); + exit(1); + } + + int success = shm_unlink("/foo"); + if (success > 0) + { + fprintf (stderr, "Failed to close shm: %s\n", strerror (errno)); + exit(2); + } + + close (fd); + + return 0; +} diff --git a/tests/integration/sandbox-bwrap.py b/tests/integration/sandbox-bwrap.py index 7d2a18498..d245a18f9 100644 --- a/tests/integration/sandbox-bwrap.py +++ b/tests/integration/sandbox-bwrap.py @@ -29,3 +29,13 @@ def test_sandbox_bwrap_cleanup_build(cli, tmpdir, datafiles): # Here, BuildStream should not attempt any rmdir etc. result = cli.run(project=project, args=['build', element_name]) assert result.exit_code == 0 + + +@pytest.mark.skipif(not HAVE_BWRAP, reason='Only available with bubblewrap') +@pytest.mark.datafiles(DATA_DIR) +def test_sandbox_bwrap_dev_shm(cli, datafiles): + project = str(datafiles) + element_name = 'sandbox-bwrap/test-dev-shm.bst' + + result = cli.run(project=project, args=['build', element_name]) + assert result.exit_code == 0 |