author | Jürg Billeter <j@bitron.ch> | 2018-09-26 09:13:22 +0100 |
---|---|---|
committer | Jürg Billeter <j@bitron.ch> | 2018-09-27 10:18:03 +0100 |
commit | f8bbe00878ba21b623c593673b1dee11584ca2a6 (patch) | |
tree | 24e3c36de57bfed35acb6e99776db3fd35acd5db | |
parent | b99a67405d0240557bfb29528606b8c23609a460 (diff) | |
download | buildstream-f8bbe00878ba21b623c593673b1dee11584ca2a6.tar.gz |
_platform: Add check_sandbox_config() method
-rw-r--r-- | buildstream/_platform/linux.py | 13 | ||||
-rw-r--r-- | buildstream/_platform/platform.py | 4 | ||||
-rw-r--r-- | buildstream/_platform/unix.py | 10 |
3 files changed, 26 insertions, 1 deletions
diff --git a/buildstream/_platform/linux.py b/buildstream/_platform/linux.py index a5fd0d687..3e31b69c8 100644 --- a/buildstream/_platform/linux.py +++ b/buildstream/_platform/linux.py @@ -17,6 +17,7 @@ # Authors: # Tristan Maat <tristan.maat@codethink.co.uk> +import os import subprocess from .. import _site @@ -34,6 +35,9 @@ class Linux(Platform): super().__init__(context) + self._uid = os.geteuid() + self._gid = os.getegid() + self._die_with_parent_available = _site.check_bwrap_version(0, 1, 8) self._user_ns_available = self._check_user_ns_available(context) self._artifact_cache = CASCache(context, enable_push=self._user_ns_available) @@ -48,6 +52,15 @@ class Linux(Platform): kwargs['die_with_parent_available'] = self._die_with_parent_available return SandboxBwrap(*args, **kwargs) + def check_sandbox_config(self, config): + if self._user_ns_available: + # User namespace support allows arbitrary build UID/GID settings. + return True + else: + # Without user namespace support, the UID/GID in the sandbox + # will match the host UID/GID. + return config.build_uid == self._uid and config.build_gid == self._gid + ################################################ # Private Methods # ################################################ diff --git a/buildstream/_platform/platform.py b/buildstream/_platform/platform.py index 8a074eb62..8dcfe95e5 100644 --- a/buildstream/_platform/platform.py +++ b/buildstream/_platform/platform.py @@ -92,3 +92,7 @@ class Platform(): def create_sandbox(self, *args, **kwargs): raise ImplError("Platform {platform} does not implement create_sandbox()" .format(platform=type(self).__name__)) + + def check_sandbox_config(self, config): + raise ImplError("Platform {platform} does not implement check_sandbox_config()" + .format(platform=type(self).__name__)) diff --git a/buildstream/_platform/unix.py b/buildstream/_platform/unix.py index 0306a4ac5..e356fc89c 100644 --- a/buildstream/_platform/unix.py +++ b/buildstream/_platform/unix.py 
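Review bot: The new `check_sandbox_config()` in `Linux` has no docstring, yet its boolean result is the only signal that a requested `build_uid`/`build_gid` cannot be honoured, so the contract should be written down where callers will see it. Without user namespaces the sandbox runs with the host IDs, so a caller that ignores a `False` return would presumably run the build under different IDs than the configuration asked for; no call site is visible in this commit. I would add a docstring such as `"""Return True if this platform can run the sandbox with config.build_uid/build_gid; callers must abort when this returns False."""`. The same applies to the abstract declaration added in `platform.py` and to the override in `unix.py`.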
@@ -33,8 +33,11 @@ class Unix(Platform): super().__init__(context) self._artifact_cache = CASCache(context) + self._uid = os.geteuid() + self._gid = os.getegid() + # Not necessarily 100% reliable, but we want to fail early. - if os.geteuid() != 0: + if self._uid != 0: raise PlatformError("Root privileges are required to run without bubblewrap.") @property @@ -43,3 +46,8 @@ class Unix(Platform): def create_sandbox(self, *args, **kwargs): return SandboxChroot(*args, **kwargs) + + def check_sandbox_config(self, config): + # With the chroot sandbox, the UID/GID in the sandbox + # will match the host UID/GID (typically 0/0). + return config.build_uid == self._uid and config.build_gid == self._gid |
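Review bot: The body of `Unix.check_sandbox_config()` repeats the fallback branch of `Linux.check_sandbox_config()` verbatim, and both constructors now cache `os.geteuid()`/`os.getegid()` in `_uid`/`_gid` separately. Hoisting the cached IDs and the comparison into `Platform` would keep the two host-ID checks from drifting apart when one platform is changed later. Because `__init__` raises unless `self._uid` is 0, the UID half here only ever accepts `build_uid == 0`, while the GID half follows the effective group, which is not checked anywhere in the hunk. The comment could state that instead of `typically 0/0`, for example `# __init__ requires euid 0, so only build_uid 0 passes; build_gid must equal the host egid.`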