authorJürg Billeter <j@bitron.ch>2018-02-07 16:36:25 +0100
committerJürg Billeter <j@bitron.ch>2018-02-07 16:36:25 +0100
commit3b284b672017b7be09544de47321a3f8e63fe272 (patch)
tree80f91ae31529842184c3bec834d35e0cf1659e85
parent087f7c28cdb4c5cf04f6697283dc2580d77b40f8 (diff)
downloadbuildstream-juerg/dbus.tar.gz
Inherit user id and group id for bst shelljuerg/dbus
This allows D-Bus access. Fixes #227
-rw-r--r--buildstream/element.py2
-rw-r--r--buildstream/sandbox/_sandboxbwrap.py4
-rw-r--r--buildstream/sandbox/sandbox.py9
3 files changed, 13 insertions, 2 deletions
diff --git a/buildstream/element.py b/buildstream/element.py
index 3431af39d..e2d11cabf 100644
--- a/buildstream/element.py
+++ b/buildstream/element.py
@@ -1375,7 +1375,7 @@ class Element(Plugin):
if os.environ.get(override) is not None:
environment[override] = os.environ.get(override)
- flags = SandboxFlags.NETWORK_ENABLED | SandboxFlags.INTERACTIVE
+ flags = SandboxFlags.NETWORK_ENABLED | SandboxFlags.INTERACTIVE | SandboxFlags.INHERIT_UID
if command:
argv = [arg for arg in command]
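Review bot: `SandboxFlags.INHERIT_UID` is now set for every shell alongside `NETWORK_ENABLED`, and nothing at this call site or in the flag's docstring in `buildstream/sandbox/sandbox.py` says that this trades isolation for host access. With the host uid, services that authorise clients by peer uid (the D-Bus access named in the commit message) will treat commands in the shell as the invoking user, so the flag is only appropriate for interactive use. I would add a comment above this line, `# Run as the invoking user so host services that check the peer uid (e.g. D-Bus) accept the shell; do not use for builds`, and a matching sentence in the docstring. If this method also opens shells for inspecting build sandboxes, which the hunk does not show, commands there will now see a different uid than the build did (0 by default, per the docstring). The enclosing method starts and ends outside the hunk.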
diff --git a/buildstream/sandbox/_sandboxbwrap.py b/buildstream/sandbox/_sandboxbwrap.py
index 71fd6951b..cab178f0f 100644
--- a/buildstream/sandbox/_sandboxbwrap.py
+++ b/buildstream/sandbox/_sandboxbwrap.py
@@ -130,7 +130,9 @@ class SandboxBwrap(Sandbox):
# Set UID and GUI
if self.user_ns_available:
- bwrap_command += ['--unshare-user', '--uid', '0', '--gid', '0']
+ bwrap_command += ['--unshare-user']
+ if not flags & SandboxFlags.INHERIT_UID:
+ bwrap_command += ['--uid', '0', '--gid', '0']
# Add the command
bwrap_command += command
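Review bot: The `INHERIT_UID` branch only has an effect inside `if self.user_ns_available:`, and it works by omitting `--uid`/`--gid` so that bwrap falls back to the caller's ids, neither of which is stated in the code. A short comment would make that explicit, e.g. `# Without --uid/--gid bwrap keeps the caller's uid and gid inside the new user namespace`. It would also help to note what uid the sandbox gets when user namespaces are unavailable, since no `--uid` is passed on that path either way and the docstring's "user id 0" default presumably comes from elsewhere. The context comment `# Set UID and GUI` looks like a typo for GID. The enclosing method continues outside the hunk.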
diff --git a/buildstream/sandbox/sandbox.py b/buildstream/sandbox/sandbox.py
index 00245309a..f59527cf4 100644
--- a/buildstream/sandbox/sandbox.py
+++ b/buildstream/sandbox/sandbox.py
@@ -59,6 +59,15 @@ class SandboxFlags():
the terminal entirely.
"""
+ INHERIT_UID = 0x08
+ """Whether to use the user id and group id from the host environment
+
+ This determines if processes in the sandbox should run with the
+ same user id and group id as BuildStream itself. By default,
+ processes run with user id and group id 0, protected by a user
+ namespace where available.
+ """
+
class Sandbox():
"""Sandbox()