From c83a7e2efc0ae87a6a3d300f18212e4f46c950a2 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Mon, 17 Mar 2025 15:42:40 +0900 Subject: [PATCH] sandbox: mount container /dev/mqueue Signed-off-by: Ophestra --- sandbox/container_test.go | 4 +++- sandbox/sequential.go | 29 +++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/sandbox/container_test.go b/sandbox/container_test.go index 0cca3ea..8de11e5 100644 --- a/sandbox/container_test.go +++ b/sandbox/container_test.go @@ -47,7 +47,8 @@ func TestContainer(t *testing.T) { }, "test-tmpfs"}, {"dev", sandbox.FAllowTTY, // go test output is not a tty new(sandbox.Ops). - Dev("/dev"), + Dev("/dev"). + Mqueue("/dev/mqueue"), []*check.Mntent{ {FSName: "devtmpfs", Dir: "/dev", Type: "tmpfs", Opts: "\x00"}, {FSName: "devtmpfs", Dir: "/dev/null", Type: "devtmpfs", Opts: "\x00", Freq: -1, Passno: -1}, @@ -57,6 +58,7 @@ func TestContainer(t *testing.T) { {FSName: "devtmpfs", Dir: "/dev/urandom", Type: "devtmpfs", Opts: "\x00", Freq: -1, Passno: -1}, {FSName: "devtmpfs", Dir: "/dev/tty", Type: "devtmpfs", Opts: "\x00", Freq: -1, Passno: -1}, {FSName: "devpts", Dir: "/dev/pts", Type: "devpts", Opts: "rw,nosuid,noexec,relatime,mode=620,ptmxmode=666", Freq: 0, Passno: 0}, + {FSName: "mqueue", Dir: "/dev/mqueue", Type: "mqueue", Opts: "rw,nosuid,nodev,noexec,relatime", Freq: 0, Passno: 0}, }, ""}, } diff --git a/sandbox/sequential.go b/sandbox/sequential.go index 45fd27d..9b6e34b 100644 --- a/sandbox/sequential.go +++ b/sandbox/sequential.go 
@@ -151,6 +151,35 @@ func (f *Ops) Dev(dest string) *Ops {
 return f
 }
 
+func init() { gob.Register(new(MountMqueue)) }
+
+// MountMqueue mounts a private mqueue instance on container Path.
+type MountMqueue string
+
+func (m MountMqueue) apply(*InitParams) error {
+ v := string(m)
+
+ if !path.IsAbs(v) {
+ return msg.WrapErr(syscall.EBADE,
+ fmt.Sprintf("path %q is not absolute", v))
+ }
+
+ target := toSysroot(v)
+ if err := os.MkdirAll(target, 0755); err != nil {
+ return msg.WrapErr(err, err.Error())
+ }
+ return wrapErrSuffix(syscall.Mount("mqueue", target, "mqueue",
+ syscall.MS_NOSUID|syscall.MS_NOEXEC|syscall.MS_NODEV, ""),
+ fmt.Sprintf("cannot mount mqueue on %q:", v))
+}
+
+func (m MountMqueue) Is(op Op) bool { vm, ok := op.(MountMqueue); return ok && m == vm }
+func (m MountMqueue) String() string { return fmt.Sprintf("mqueue on %q", string(m)) }
+func (f *Ops) Mqueue(dest string) *Ops {
+ *f = append(*f, MountMqueue(dest))
+ return f
+}
+
 func init() { gob.Register(new(MountTmpfs)) }
 
 // MountTmpfs mounts tmpfs on container Path.
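Review bot: `path.IsAbs(v)` is the only validation in `apply` before `toSysroot(v)` reaches `os.MkdirAll` and `syscall.Mount`, so an absolute destination that still contains `..` components passes the check; whether `toSysroot` normalises it is not visible in this hunk. If it does not, rejecting unclean input at the guard keeps both the directory creation and the mount under the sysroot: `if !path.IsAbs(v) || path.Clean(v) != v {`, with the error message reworded to match. The doc comment also promises a private instance, yet nothing in this op creates one, since an mqueue mount shows the queues of whatever IPC namespace the mounting process is in; state that dependency next to the type: `// The instance is private only when the container has its own IPC namespace.` The exported `Is`, `String` and `Mqueue` methods have no doc comments.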