hst/container: optional runtime and tmpdir sharing

Sharing and persisting these directories do not always make sense. Make it optional here.

Closes #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/sptmpdir.go

@@ -6,6 +6,7 @@ import (
 	"hakurei.app/container/bits"
 	"hakurei.app/container/check"
 	"hakurei.app/container/fhs"
+	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
 )
@@ -16,18 +17,23 @@ func init() { gob.Register(spTmpdirOp{}) }
 type spTmpdirOp struct{}
 
 func (s spTmpdirOp) toSystem(state *outcomeStateSys) error {
-	tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
-	state.sys.Ensure(tmpdir, 0700)
-	state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
-	state.sys.Ensure(tmpdirInst, 01700)
-	state.sys.UpdatePermType(system.User, tmpdirInst, acl.Read, acl.Write, acl.Execute)
+	if state.Container.Flags&hst.FShareTmpdir != 0 {
+		tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
+		state.sys.Ensure(tmpdir, 0700)
+		state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
+		state.sys.Ensure(tmpdirInst, 01700)
+		state.sys.UpdatePermType(system.User, tmpdirInst, acl.Read, acl.Write, acl.Execute)
+	}
 	return nil
 }
 
 func (s spTmpdirOp) toContainer(state *outcomeStateParams) error {
-	// mount inner /tmp from share so it shares persistence and storage behaviour of host /tmp
-	_, tmpdirInst := s.commonPaths(state.outcomeState)
-	state.params.Bind(tmpdirInst, fhs.AbsTmp, bits.BindWritable)
+	if state.Container.Flags&hst.FShareTmpdir != 0 {
+		_, tmpdirInst := s.commonPaths(state.outcomeState)
+		state.params.Bind(tmpdirInst, fhs.AbsTmp, bits.BindWritable)
+	} else {
+		state.params.Tmpfs(fhs.AbsTmp, 0, 01777)
+	}
 	return nil
 }