fst/config: alternative /etc directory

This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc. Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:06:26 +09:00
parent aef847b5ae
commit 2fdbd6a4dd
2 changed files with 22 additions and 3 deletions
--- a/fst/config.go
+++ b/fst/config.go
@@ -70,6 +70,8 @@ type SandboxConfig struct {
 	Filesystem []*FilesystemConfig `json:"filesystem"`
 	// symlinks created inside the sandbox
 	Link [][2]string `json:"symlink"`
+	// read-only /etc directory
+	Etc string `json:"etc,omitempty"`
 	// automatically set up /etc symlinks
 	AutoEtc bool `json:"auto_etc"`
 	// paths to override by mounting tmpfs over them
@@ -127,7 +129,11 @@ func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
 	}

 	if !s.AutoEtc {
-		conf.Dir("/etc")
+		if s.Etc == "" {
+			conf.Dir("/etc")
+		} else {
+			conf.Bind(s.Etc, "/etc")
+		}
 	}

 	for _, c := range s.Filesystem {
@@ -147,7 +153,11 @@ func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
 	}

 	if s.AutoEtc {
-		conf.Bind("/etc", Tmp+"/etc")
+		if s.Etc == "" {
+			conf.Bind("/etc", Tmp+"/etc")
+		} else {
+			conf.Bind(s.Etc, Tmp+"/etc")
+		}

 		// link host /etc contents to prevent passwd/group from being overwritten
 		if d, err := os.ReadDir("/etc"); err != nil {