hst/container: optional runtime and tmpdir sharing
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 39s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Hakurei (push) Successful in 42s
Test / Hpkg (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 44s
Test / Flake checks (push) Successful in 1m23s
All checks were successful
Test / Create distribution (push) Successful in 25s
Test / Sandbox (push) Successful in 39s
Test / Sandbox (race detector) (push) Successful in 39s
Test / Hakurei (push) Successful in 42s
Test / Hpkg (push) Successful in 40s
Test / Hakurei (race detector) (push) Successful in 44s
Test / Flake checks (push) Successful in 1m23s
Sharing and persisting these directories do not always make sense. Make it optional here. Closes #16. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -70,7 +70,7 @@ func TestApp(t *testing.T) {
|
||||
Path: m("/run/current-system/sw/bin/zsh"),
|
||||
Args: []string{"/run/current-system/sw/bin/zsh"},
|
||||
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FHostAbstract | hst.FTty,
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FHostAbstract | hst.FTty | hst.FShareRuntime | hst.FShareTmpdir,
|
||||
}},
|
||||
state.ID{
|
||||
0x4a, 0x45, 0x0b, 0x65,
|
||||
@@ -193,7 +193,7 @@ func TestApp(t *testing.T) {
|
||||
Path: m("/run/current-system/sw/bin/zsh"),
|
||||
Args: []string{"zsh", "-c", "exec chromium "},
|
||||
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FHostAbstract | hst.FTty,
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FHostAbstract | hst.FTty | hst.FShareRuntime | hst.FShareTmpdir,
|
||||
},
|
||||
},
|
||||
state.ID{
|
||||
@@ -331,7 +331,7 @@ func TestApp(t *testing.T) {
|
||||
|
||||
Path: m("/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start"),
|
||||
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FMapRealUID,
|
||||
Flags: hst.FUserns | hst.FHostNet | hst.FMapRealUID | hst.FShareRuntime | hst.FShareTmpdir,
|
||||
},
|
||||
SystemBus: &hst.BusConfig{
|
||||
Talk: []string{"org.bluez", "org.freedesktop.Avahi", "org.freedesktop.UPower"},
|
||||
|
||||
@@ -72,11 +72,13 @@ type spRuntimeOp struct {
|
||||
}
|
||||
|
||||
func (s *spRuntimeOp) toSystem(state *outcomeStateSys) error {
|
||||
runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(runtimeDir, 0700)
|
||||
state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
|
||||
state.sys.Ensure(runtimeDirInst, 0700)
|
||||
state.sys.UpdatePermType(system.User, runtimeDirInst, acl.Read, acl.Write, acl.Execute)
|
||||
if state.Container.Flags&hst.FShareRuntime != 0 {
|
||||
runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(runtimeDir, 0700)
|
||||
state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
|
||||
state.sys.Ensure(runtimeDirInst, 0700)
|
||||
state.sys.UpdatePermType(system.User, runtimeDirInst, acl.Read, acl.Write, acl.Execute)
|
||||
}
|
||||
|
||||
if state.et&hst.EWayland != 0 {
|
||||
s.SessionType = sessionTypeWayland
|
||||
@@ -106,10 +108,13 @@ func (s *spRuntimeOp) toContainer(state *outcomeStateParams) error {
|
||||
|
||||
}
|
||||
|
||||
_, runtimeDirInst := s.commonPaths(state.outcomeState)
|
||||
state.params.
|
||||
Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
|
||||
Bind(runtimeDirInst, state.runtimeDir, bits.BindWritable)
|
||||
state.params.Tmpfs(fhs.AbsRunUser, 1<<12, 0755)
|
||||
if state.Container.Flags&hst.FShareRuntime != 0 {
|
||||
_, runtimeDirInst := s.commonPaths(state.outcomeState)
|
||||
state.params.Bind(runtimeDirInst, state.runtimeDir, bits.BindWritable)
|
||||
} else {
|
||||
state.params.Mkdir(state.runtimeDir, 0700)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"hakurei.app/container/bits"
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/hst"
|
||||
"hakurei.app/system"
|
||||
"hakurei.app/system/acl"
|
||||
)
|
||||
@@ -16,18 +17,23 @@ func init() { gob.Register(spTmpdirOp{}) }
|
||||
type spTmpdirOp struct{}
|
||||
|
||||
func (s spTmpdirOp) toSystem(state *outcomeStateSys) error {
|
||||
tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(tmpdir, 0700)
|
||||
state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
|
||||
state.sys.Ensure(tmpdirInst, 01700)
|
||||
state.sys.UpdatePermType(system.User, tmpdirInst, acl.Read, acl.Write, acl.Execute)
|
||||
if state.Container.Flags&hst.FShareTmpdir != 0 {
|
||||
tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(tmpdir, 0700)
|
||||
state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
|
||||
state.sys.Ensure(tmpdirInst, 01700)
|
||||
state.sys.UpdatePermType(system.User, tmpdirInst, acl.Read, acl.Write, acl.Execute)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s spTmpdirOp) toContainer(state *outcomeStateParams) error {
|
||||
// mount inner /tmp from share so it shares persistence and storage behaviour of host /tmp
|
||||
_, tmpdirInst := s.commonPaths(state.outcomeState)
|
||||
state.params.Bind(tmpdirInst, fhs.AbsTmp, bits.BindWritable)
|
||||
if state.Container.Flags&hst.FShareTmpdir != 0 {
|
||||
_, tmpdirInst := s.commonPaths(state.outcomeState)
|
||||
state.params.Bind(tmpdirInst, fhs.AbsTmp, bits.BindWritable)
|
||||
} else {
|
||||
state.params.Tmpfs(fhs.AbsTmp, 0, 01777)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user