author | Thomas Coldrick <coldtom@protonmail.com> | 2020-01-17 21:18:28 +0000 |
---|---|---|
committer | Javier Jardón <jjardon@gnome.org> | 2020-04-08 15:28:58 +0000 |
commit | 4cc77eac4a1a195a52b58ceffd12e32f381ec7fc (patch) | |
tree | 98f8e6fa51d6de05815e7fd0a9637585c7177c5e /buildstream/sandbox/_sandboxbwrap.py | |
parent | ec4a9fe9debb1d506a739f1b65748c8b612d7a09 (diff) | |
download | buildstream-coldtom/backport-dev-shm.tar.gz |
_sandboxbwrap.py: Create /dev/shm in the sandboxcoldtom/backport-dev-shm
Create /dev/shm as a tmpfs in the sandbox. Before now access to /dev/shm
was only available by a plugin using `Sandbox.mark_directory()` or
adding to `Sandbox.DEVICES`, either of which would _mount_ /dev/shm into
the sandbox, allowing pollution from the host. This adds it as a tmpfs
by default, which seems sensible as it is required for POSIX support.
Also adds a test which makes sure that we can open a shared memory
object inside the build sandbox with some (probably poor) C code.
Backport of !1694
Diffstat (limited to 'buildstream/sandbox/_sandboxbwrap.py')
-rw-r--r-- | buildstream/sandbox/_sandboxbwrap.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/buildstream/sandbox/_sandboxbwrap.py b/buildstream/sandbox/_sandboxbwrap.py
index 450f1913f..548d27228 100644
--- a/buildstream/sandbox/_sandboxbwrap.py
+++ b/buildstream/sandbox/_sandboxbwrap.py
@@ -132,6 +132,12 @@ class SandboxBwrap(Sandbox):
 for device in self.DEVICES:
 bwrap_command += ['--dev-bind', device, device]
+ # Create a tmpfs for /dev/shm, if we're in interactive this
+ # is handled by `--dev /dev`
+ #
+ if flags & SandboxFlags.CREATE_DEV_SHM:
+ bwrap_command += ['--tmpfs', '/dev/shm']
+
 # Add bind mounts to any marked directories
 marked_directories = self._get_marked_directories()
 mount_source_overrides = self._get_mount_sources()
@@ -173,7 +179,7 @@ class SandboxBwrap(Sandbox):
 #
 existing_basedirs = {
 directory: os.path.exists(os.path.join(root_directory, directory))
- for directory in ['tmp', 'dev', 'proc']
+ for directory in ['dev/shm', 'tmp', 'dev', 'proc']
 }
 # Use the MountMap context manager to ensure that any redirected
@@ -213,7 +219,7 @@ class SandboxBwrap(Sandbox):
 # Remove /tmp, this is a bwrap owned thing we want to be sure
 # never ends up in an artifact
- for basedir in ['tmp', 'dev', 'proc']:
+ for basedir in ['dev/shm', 'tmp', 'dev', 'proc']:
 # Skip removal of directories which already existed before
 # launching bwrap |
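Review bot: The isolation this change is after depends on mount order, and the added comment in the `@@ -132` hunk does not say so: `--tmpfs /dev/shm` is appended after the `--dev-bind` loop over `self.DEVICES` but before the marked-directory bind mounts that follow. A `/dev/shm` entry in `DEVICES` would be shadowed by the tmpfs, but a plugin that still marks `/dev/shm` would presumably have its mount placed over the tmpfs, bringing back the host-shared state the commit message wants to avoid; the mount code is outside the hunk, so this is inferred. I would extend the comment with `# Must follow the DEVICES binds so a host /dev/shm is shadowed; a marked /dev/shm would still be mounted over this`, or refuse that marking when the flag is set. The remark about interactive mode is also not reflected in the condition, which tests only `CREATE_DEV_SHM`.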
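Review bot: The directory list is now order-sensitive and duplicated, and neither property is documented: in the cleanup loop of the `@@ -213` hunk `'dev/shm'` has to precede `'dev'` so the child is handled before its parent, and that loop presumably looks each name up in `existing_basedirs`, so the literal in the `@@ -173` hunk must stay identical to it. A single tuple shared by both places, with a comment such as `# children before parents: dev/shm must precede dev`, would remove both traps. `'dev/shm'` is also listed whether or not `CREATE_DEV_SHM` is set, so the removal code has to tolerate a directory that was never created; that code lies outside the hunk and I cannot confirm it does. The comment above the loop still speaks only of `/tmp` and could name all four paths that must never end up in an artifact.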