diff options
author | Jürg Billeter <j@bitron.ch> | 2020-03-30 17:47:12 +0200 |
---|---|---|
committer | bst-marge-bot <marge-bot@buildstream.build> | 2020-04-14 15:30:49 +0000 |
commit | afb35bb157ae02df5022f220c2e10dcd4e51d4ad (patch) | |
tree | 03c0690ec98b03e3982f8519f5f94c7e2181f426 /src/buildstream/sandbox | |
parent | 96430e2cf83ed0140968870e537494c130d43b7f (diff) | |
download | buildstream-afb35bb157ae02df5022f220c2e10dcd4e51d4ad.tar.gz |
sandbox: Make build-uid and build-gid configuration optional
This allows use of sandbox implementations that don't support
configuring sandbox UID/GID such as buildbox-run-userchroot.
Diffstat (limited to 'src/buildstream/sandbox')
-rw-r--r-- | src/buildstream/sandbox/_config.py | 13 | ||||
-rw-r--r-- | src/buildstream/sandbox/_sandboxbuildboxrun.py | 5 | ||||
-rw-r--r-- | src/buildstream/sandbox/_sandboxbwrap.py | 14 | ||||
-rw-r--r-- | src/buildstream/sandbox/_sandboxreapi.py | 6 |
4 files changed, 18 insertions, 20 deletions
diff --git a/src/buildstream/sandbox/_config.py b/src/buildstream/sandbox/_config.py index 614f22063..7a71e7d50 100644 --- a/src/buildstream/sandbox/_config.py +++ b/src/buildstream/sandbox/_config.py @@ -39,21 +39,12 @@ class SandboxConfig: # def get_unique_key(self): - # Currently operating system and machine architecture - # are not configurable and we have no sandbox implementation - # which can conform to such configurations. - # - # However this should be the right place to support - # such configurations in the future. - # unique_key = {"os": self.build_os, "arch": self.build_arch} - # Avoid breaking cache key calculation with - # the addition of configurabuild build uid/gid - if self.build_uid != 0: + if self.build_uid is not None: unique_key["build-uid"] = self.build_uid - if self.build_gid != 0: + if self.build_gid is not None: unique_key["build-gid"] = self.build_gid return unique_key diff --git a/src/buildstream/sandbox/_sandboxbuildboxrun.py b/src/buildstream/sandbox/_sandboxbuildboxrun.py index f6ecbeaa0..aa9e447b9 100644 --- a/src/buildstream/sandbox/_sandboxbuildboxrun.py +++ b/src/buildstream/sandbox/_sandboxbuildboxrun.py @@ -67,6 +67,11 @@ class SandboxBuildBoxRun(SandboxREAPI): if config.build_arch != platform.get_host_arch(): raise SandboxError("Configured and host architecture don't match.") + if config.build_uid is not None and "platform:unixUID" not in cls._capabilities: + raise SandboxError("Configuring sandbox UID is not supported by buildbox-run.") + if config.build_gid is not None and "platform:unixGID" not in cls._capabilities: + raise SandboxError("Configuring sandbox GID is not supported by buildbox-run.") + return True def _execute_action(self, action, flags): diff --git a/src/buildstream/sandbox/_sandboxbwrap.py b/src/buildstream/sandbox/_sandboxbwrap.py index 433b0f754..e7c494e5f 100644 --- a/src/buildstream/sandbox/_sandboxbwrap.py +++ b/src/buildstream/sandbox/_sandboxbwrap.py @@ -107,13 +107,13 @@ class SandboxBwrap(Sandbox): @classmethod def check_sandbox_config(cls, local_platform, config): - if cls.user_ns_available: - # User namespace support allows arbitrary build UID/GID settings. - pass - elif config.build_uid != local_platform._uid or config.build_gid != local_platform._gid: + if not cls.user_ns_available: # Without user namespace support, the UID/GID in the sandbox # will match the host UID/GID. - return False + if config.build_uid is not None and config.build_uid != local_platform._uid: + raise SandboxError("Configured and host UID don't match and user namespace is not supported.") + if config.build_gid is not None and config.build_gid != local_platform._gid: + raise SandboxError("Configured and host UID don't match and user namespace is not supported.") host_os = local_platform.get_host_os() host_arch = local_platform.get_host_arch() @@ -230,8 +230,8 @@ class SandboxBwrap(Sandbox): if self.user_ns_available: bwrap_command += ["--unshare-user"] if not flags & SandboxFlags.INHERIT_UID: - uid = self._get_config().build_uid - gid = self._get_config().build_gid + uid = self._get_config().build_uid or 0 + gid = self._get_config().build_gid or 0 bwrap_command += ["--uid", str(uid), "--gid", str(gid)] with ExitStack() as stack: diff --git a/src/buildstream/sandbox/_sandboxreapi.py b/src/buildstream/sandbox/_sandboxreapi.py index 9d8c22f0b..43d00a357 100644 --- a/src/buildstream/sandbox/_sandboxreapi.py +++ b/src/buildstream/sandbox/_sandboxreapi.py @@ -136,8 +136,10 @@ class SandboxREAPI(Sandbox): else: uid = config.build_uid gid = config.build_gid - platform_dict["unixUID"] = str(uid) - platform_dict["unixGID"] = str(gid) + if uid is not None: + platform_dict["unixUID"] = str(uid) + if gid is not None: + platform_dict["unixGID"] = str(gid) if flags & SandboxFlags.NETWORK_ENABLED: platform_dict["network"] = "on" |