hst/config: handle filesystem entry targeting root
All checks were successful
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m20s
Test / Hpkg (push) Successful in 4m2s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Hakurei (push) Successful in 2m10s
Test / Flake checks (push) Successful in 1m24s
All checks were successful
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m20s
Test / Hpkg (push) Successful in 4m2s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Hakurei (push) Successful in 2m10s
Test / Flake checks (push) Successful in 1m24s
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding. Closes #5. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -93,17 +93,12 @@ type (
|
||||
|
||||
// pass through all devices
|
||||
Device bool `json:"device,omitempty"`
|
||||
// container mount points
|
||||
// container mount points;
|
||||
// if the first element targets /, it is inserted early and excluded from path hiding
|
||||
Filesystem []FilesystemConfigJSON `json:"filesystem"`
|
||||
// create symlinks inside container filesystem
|
||||
Link []LinkConfig `json:"symlink"`
|
||||
|
||||
// automatically bind mount top-level directories to container root;
|
||||
// the zero value disables this behaviour
|
||||
AutoRoot *container.Absolute `json:"auto_root,omitempty"`
|
||||
// extra flags for AutoRoot
|
||||
RootFlags int `json:"root_flags,omitempty"`
|
||||
|
||||
// read-only /etc directory
|
||||
Etc *container.Absolute `json:"etc,omitempty"`
|
||||
// automatically set up /etc symlinks
|
||||
|
||||
@@ -97,6 +97,7 @@ func Template() *Config {
|
||||
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT",
|
||||
},
|
||||
Filesystem: []FilesystemConfigJSON{
|
||||
{&FSBind{container.AbsFHSRoot, container.AbsFHSVarLib.Append("hakurei/base/org.debian"), true, false, false, true}},
|
||||
{&FSEphemeral{Target: container.AbsFHSTmp, Write: true, Perm: 0755}},
|
||||
{&FSOverlay{
|
||||
Target: container.MustAbs("/nix/store"),
|
||||
@@ -111,11 +112,9 @@ func Template() *Config {
|
||||
Target: container.MustAbs("/data/data/org.chromium.Chromium"), Write: true}},
|
||||
{&FSBind{Source: container.AbsFHSDev.Append("dri"), Device: true, Optional: true}},
|
||||
},
|
||||
Link: []LinkConfig{{container.AbsFHSRunUser.Append("65534"), container.FHSRunUser + "150"}},
|
||||
AutoRoot: container.AbsFHSVarLib.Append("hakurei/base/org.debian"),
|
||||
RootFlags: container.BindWritable,
|
||||
Etc: container.AbsFHSEtc,
|
||||
AutoEtc: true,
|
||||
Link: []LinkConfig{{container.AbsFHSRunUser.Append("65534"), container.FHSRunUser + "150"}},
|
||||
Etc: container.AbsFHSEtc,
|
||||
AutoEtc: true,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -102,6 +102,13 @@ func TestTemplate(t *testing.T) {
|
||||
"map_real_uid": true,
|
||||
"device": true,
|
||||
"filesystem": [
|
||||
{
|
||||
"type": "bind",
|
||||
"dst": "/",
|
||||
"src": "/var/lib/hakurei/base/org.debian",
|
||||
"write": true,
|
||||
"autoroot": true
|
||||
},
|
||||
{
|
||||
"type": "ephemeral",
|
||||
"dst": "/tmp/",
|
||||
@@ -148,8 +155,6 @@ func TestTemplate(t *testing.T) {
|
||||
"linkname": "/run/user/150"
|
||||
}
|
||||
],
|
||||
"auto_root": "/var/lib/hakurei/base/org.debian",
|
||||
"root_flags": 2,
|
||||
"etc": "/etc/",
|
||||
"auto_etc": true
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user