security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

sandbox: separate tmpfs function from op
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m34s
Details
Test / Fpkg (push) Successful in 3m25s
Details
Test / Data race detector (push) Successful in 3m32s
Details
Test / Flake checks (push) Successful in 52s
Details

Browse Source 
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-03-14 00:21:20 +09:00
parent f1002157a5
commit 5d9e669d97
2 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
internal/sandbox/mount.go
View File

@@ -79,3 +79,17 @@ func bindMount(src, dest string, flags int) error {
return fmsg.WrapErrorSuffix(syscall.Mount(source, target, "", mf, ""),
fmt.Sprintf("cannot bind %q on %q:", src, dest))
}
func mountTmpfs(name string, size int, perm os.FileMode) error {
target := toSysroot(name)
if err := os.MkdirAll(target, perm); err != nil {
return err
}
opt := fmt.Sprintf("mode=%#o", perm)
if size > 0 {
opt += fmt.Sprintf(",size=%d", size)
}
return fmsg.WrapErrorSuffix(syscall.Mount("tmpfs", target, "tmpfs",
syscall.MS_NOSUID|syscall.MS_NODEV, opt),
fmt.Sprintf("cannot mount tmpfs on %q:", name))
}