summaryrefslogtreecommitdiff
path: root/src/buildstream/sandbox
diff options
context:
space:
mode:
authorJürg Billeter <j@bitron.ch>2020-03-30 17:47:12 +0200
committerbst-marge-bot <marge-bot@buildstream.build>2020-04-14 15:30:49 +0000
commitafb35bb157ae02df5022f220c2e10dcd4e51d4ad (patch)
tree03c0690ec98b03e3982f8519f5f94c7e2181f426 /src/buildstream/sandbox
parent96430e2cf83ed0140968870e537494c130d43b7f (diff)
downloadbuildstream-afb35bb157ae02df5022f220c2e10dcd4e51d4ad.tar.gz
sandbox: Make build-uid and build-gid configuration optional
This allows use of sandbox implementations that don't support configuring sandbox UID/GID such as buildbox-run-userchroot.
Diffstat (limited to 'src/buildstream/sandbox')
-rw-r--r--src/buildstream/sandbox/_config.py13
-rw-r--r--src/buildstream/sandbox/_sandboxbuildboxrun.py5
-rw-r--r--src/buildstream/sandbox/_sandboxbwrap.py14
-rw-r--r--src/buildstream/sandbox/_sandboxreapi.py6
4 files changed, 18 insertions, 20 deletions
diff --git a/src/buildstream/sandbox/_config.py b/src/buildstream/sandbox/_config.py
index 614f22063..7a71e7d50 100644
--- a/src/buildstream/sandbox/_config.py
+++ b/src/buildstream/sandbox/_config.py
@@ -39,21 +39,12 @@ class SandboxConfig:
#
def get_unique_key(self):
- # Currently operating system and machine architecture
- # are not configurable and we have no sandbox implementation
- # which can conform to such configurations.
- #
- # However this should be the right place to support
- # such configurations in the future.
- #
unique_key = {"os": self.build_os, "arch": self.build_arch}
- # Avoid breaking cache key calculation with
- # the addition of configurabuild build uid/gid
- if self.build_uid != 0:
+ if self.build_uid is not None:
unique_key["build-uid"] = self.build_uid
- if self.build_gid != 0:
+ if self.build_gid is not None:
unique_key["build-gid"] = self.build_gid
return unique_key
diff --git a/src/buildstream/sandbox/_sandboxbuildboxrun.py b/src/buildstream/sandbox/_sandboxbuildboxrun.py
index f6ecbeaa0..aa9e447b9 100644
--- a/src/buildstream/sandbox/_sandboxbuildboxrun.py
+++ b/src/buildstream/sandbox/_sandboxbuildboxrun.py
@@ -67,6 +67,11 @@ class SandboxBuildBoxRun(SandboxREAPI):
if config.build_arch != platform.get_host_arch():
raise SandboxError("Configured and host architecture don't match.")
+ if config.build_uid is not None and "platform:unixUID" not in cls._capabilities:
+ raise SandboxError("Configuring sandbox UID is not supported by buildbox-run.")
+ if config.build_gid is not None and "platform:unixGID" not in cls._capabilities:
+ raise SandboxError("Configuring sandbox GID is not supported by buildbox-run.")
+
return True
def _execute_action(self, action, flags):
diff --git a/src/buildstream/sandbox/_sandboxbwrap.py b/src/buildstream/sandbox/_sandboxbwrap.py
index 433b0f754..e7c494e5f 100644
--- a/src/buildstream/sandbox/_sandboxbwrap.py
+++ b/src/buildstream/sandbox/_sandboxbwrap.py
@@ -107,13 +107,13 @@ class SandboxBwrap(Sandbox):
@classmethod
def check_sandbox_config(cls, local_platform, config):
- if cls.user_ns_available:
- # User namespace support allows arbitrary build UID/GID settings.
- pass
- elif config.build_uid != local_platform._uid or config.build_gid != local_platform._gid:
+ if not cls.user_ns_available:
# Without user namespace support, the UID/GID in the sandbox
# will match the host UID/GID.
- return False
+ if config.build_uid is not None and config.build_uid != local_platform._uid:
+ raise SandboxError("Configured and host UID don't match and user namespace is not supported.")
+ if config.build_gid is not None and config.build_gid != local_platform._gid:
+ raise SandboxError("Configured and host UID don't match and user namespace is not supported.")
host_os = local_platform.get_host_os()
host_arch = local_platform.get_host_arch()
@@ -230,8 +230,8 @@ class SandboxBwrap(Sandbox):
if self.user_ns_available:
bwrap_command += ["--unshare-user"]
if not flags & SandboxFlags.INHERIT_UID:
- uid = self._get_config().build_uid
- gid = self._get_config().build_gid
+ uid = self._get_config().build_uid or 0
+ gid = self._get_config().build_gid or 0
bwrap_command += ["--uid", str(uid), "--gid", str(gid)]
with ExitStack() as stack:
diff --git a/src/buildstream/sandbox/_sandboxreapi.py b/src/buildstream/sandbox/_sandboxreapi.py
index 9d8c22f0b..43d00a357 100644
--- a/src/buildstream/sandbox/_sandboxreapi.py
+++ b/src/buildstream/sandbox/_sandboxreapi.py
@@ -136,8 +136,10 @@ class SandboxREAPI(Sandbox):
else:
uid = config.build_uid
gid = config.build_gid
- platform_dict["unixUID"] = str(uid)
- platform_dict["unixGID"] = str(gid)
+ if uid is not None:
+ platform_dict["unixUID"] = str(uid)
+ if gid is not None:
+ platform_dict["unixGID"] = str(gid)
if flags & SandboxFlags.NETWORK_ENABLED:
platform_dict["network"] = "on"