hst/container: optional runtime and tmpdir sharing
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 39s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Hakurei (push) Successful in 42s
Test / Hpkg (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 44s
Test / Flake checks (push) Successful in 1m23s
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 39s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Hakurei (push) Successful in 42s
Test / Hpkg (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 44s
Test / Flake checks (push) Successful in 1m23s
Sharing and persisting these directories do not always make sense. Make it optional here. Closes #16. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -63,6 +63,11 @@ const (
|
||||
// FDevice mount /dev/ from the init mount namespace as-is in the container mount namespace.
|
||||
FDevice
|
||||
|
||||
// FShareRuntime shares XDG_RUNTIME_DIR between containers under the same identity.
|
||||
FShareRuntime
|
||||
// FShareTmpdir shares TMPDIR between containers under the same identity.
|
||||
FShareTmpdir
|
||||
|
||||
fMax
|
||||
|
||||
// FAll is [ContainerConfig.Flags] with all currently defined bits set.
|
||||
@@ -133,6 +138,11 @@ type containerConfigJSON = struct {
|
||||
|
||||
// Corresponds to [FDevice].
|
||||
Device bool `json:"device,omitempty"`
|
||||
|
||||
// Corresponds to [FShareRuntime].
|
||||
ShareRuntime bool `json:"share_runtime,omitempty"`
|
||||
// Corresponds to [FShareTmpdir]
|
||||
ShareTmpdir bool `json:"share_tmpdir,omitempty"`
|
||||
}
|
||||
|
||||
func (c *ContainerConfig) MarshalJSON() ([]byte, error) {
|
||||
@@ -151,6 +161,8 @@ func (c *ContainerConfig) MarshalJSON() ([]byte, error) {
|
||||
Multiarch: c.Flags&FMultiarch != 0,
|
||||
MapRealUID: c.Flags&FMapRealUID != 0,
|
||||
Device: c.Flags&FDevice != 0,
|
||||
ShareRuntime: c.Flags&FShareRuntime != 0,
|
||||
ShareTmpdir: c.Flags&FShareTmpdir != 0,
|
||||
})
|
||||
}
|
||||
|
||||
@@ -192,5 +204,11 @@ func (c *ContainerConfig) UnmarshalJSON(data []byte) error {
|
||||
if v.Device {
|
||||
c.Flags |= FDevice
|
||||
}
|
||||
if v.ShareRuntime {
|
||||
c.Flags |= FShareRuntime
|
||||
}
|
||||
if v.ShareTmpdir {
|
||||
c.Flags |= FShareTmpdir
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ func TestContainerConfig(t *testing.T) {
|
||||
{"hostnet hostabstract mapuid", &hst.ContainerConfig{Flags: hst.FHostNet | hst.FHostAbstract | hst.FMapRealUID},
|
||||
`{"env":null,"filesystem":null,"shell":null,"home":null,"args":null,"host_net":true,"host_abstract":true,"map_real_uid":true}`},
|
||||
{"all", &hst.ContainerConfig{Flags: hst.FAll},
|
||||
`{"env":null,"filesystem":null,"shell":null,"home":null,"args":null,"seccomp_compat":true,"devel":true,"userns":true,"host_net":true,"host_abstract":true,"tty":true,"multiarch":true,"map_real_uid":true,"device":true}`},
|
||||
`{"env":null,"filesystem":null,"shell":null,"home":null,"args":null,"seccomp_compat":true,"devel":true,"userns":true,"host_net":true,"host_abstract":true,"tty":true,"multiarch":true,"map_real_uid":true,"device":true,"share_runtime":true,"share_tmpdir":true}`},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
|
||||
@@ -244,7 +244,9 @@ func TestTemplate(t *testing.T) {
|
||||
"tty": true,
|
||||
"multiarch": true,
|
||||
"map_real_uid": true,
|
||||
"device": true
|
||||
"device": true,
|
||||
"share_runtime": true,
|
||||
"share_tmpdir": true
|
||||
}
|
||||
}`
|
||||
|
||||
|
||||
Reference in New Issue
Block a user