container/fhs: add constant for /dev/shm/
All checks were successful
Test / Create distribution (push) Successful in 36s
Test / Sandbox (push) Successful in 2m21s
Test / Hakurei (push) Successful in 3m16s
Test / Hpkg (push) Successful in 4m11s
Test / Sandbox (race detector) (push) Successful in 4m12s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m32s
All checks were successful
Test / Create distribution (push) Successful in 36s
Test / Sandbox (push) Successful in 2m21s
Test / Hakurei (push) Successful in 3m16s
Test / Hpkg (push) Successful in 4m11s
Test / Sandbox (race detector) (push) Successful in 4m12s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m32s
This is mounted for the default read-only /dev/ when programs want to use shm_open(3). Defining it here is less error-prone and saves the extra append at runtime. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
be0e387ab0
commit
6d14bb814f
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
@ -36,6 +36,8 @@ var (
|
|||||||
|
|
||||||
// AbsDev is [Dev] as [check.Absolute].
|
// AbsDev is [Dev] as [check.Absolute].
|
||||||
AbsDev = unsafeAbs(Dev)
|
AbsDev = unsafeAbs(Dev)
|
||||||
|
// AbsDevShm is [DevShm] as [check.Absolute].
|
||||||
|
AbsDevShm = unsafeAbs(DevShm)
|
||||||
// AbsProc is [Proc] as [check.Absolute].
|
// AbsProc is [Proc] as [check.Absolute].
|
||||||
AbsProc = unsafeAbs(Proc)
|
AbsProc = unsafeAbs(Proc)
|
||||||
// AbsSys is [Sys] as [check.Absolute].
|
// AbsSys is [Sys] as [check.Absolute].
|
||||||
|
|||||||
@ -29,6 +29,8 @@ const (
|
|||||||
|
|
||||||
// Dev points to the root directory for device nodes.
|
// Dev points to the root directory for device nodes.
|
||||||
Dev = "/dev/"
|
Dev = "/dev/"
|
||||||
|
// DevShm is the place for POSIX shared memory segments, as created via shm_open(3).
|
||||||
|
DevShm = "/dev/shm/"
|
||||||
// Proc points to a virtual kernel file system exposing the process list and other functionality.
|
// Proc points to a virtual kernel file system exposing the process list and other functionality.
|
||||||
Proc = "/proc/"
|
Proc = "/proc/"
|
||||||
// ProcSys points to a hierarchy below /proc/ that exposes a number of kernel tunables.
|
// ProcSys points to a hierarchy below /proc/ that exposes a number of kernel tunables.
|
||||||
|
|||||||
@ -141,7 +141,7 @@ func TestOutcomeMain(t *testing.T) {
|
|||||||
Proc(fhs.AbsProc).
|
Proc(fhs.AbsProc).
|
||||||
Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
||||||
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
||||||
Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777).
|
Tmpfs(fhs.AbsDevShm, 0, 01777).
|
||||||
|
|
||||||
// spRuntimeOp
|
// spRuntimeOp
|
||||||
Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
|
Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
|
||||||
@ -243,7 +243,7 @@ func TestOutcomeMain(t *testing.T) {
|
|||||||
Proc(m("/proc/")).
|
Proc(m("/proc/")).
|
||||||
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
||||||
DevWritable(m("/dev/"), true).
|
DevWritable(m("/dev/"), true).
|
||||||
Tmpfs(m("/dev/shm"), 0, 01777).
|
Tmpfs(m("/dev/shm/"), 0, 01777).
|
||||||
Tmpfs(m("/run/user/"), 4096, 0755).
|
Tmpfs(m("/run/user/"), 4096, 0755).
|
||||||
Bind(m("/tmp/hakurei.0/runtime/0"), m("/run/user/65534"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/runtime/0"), m("/run/user/65534"), std.BindWritable).
|
||||||
Bind(m("/tmp/hakurei.0/tmpdir/0"), m("/tmp/"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/tmpdir/0"), m("/tmp/"), std.BindWritable).
|
||||||
@ -412,7 +412,7 @@ func TestOutcomeMain(t *testing.T) {
|
|||||||
Proc(m("/proc/")).
|
Proc(m("/proc/")).
|
||||||
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
||||||
DevWritable(m("/dev/"), true).
|
DevWritable(m("/dev/"), true).
|
||||||
Tmpfs(m("/dev/shm"), 0, 01777).
|
Tmpfs(m("/dev/shm/"), 0, 01777).
|
||||||
Tmpfs(m("/run/user/"), 4096, 0755).
|
Tmpfs(m("/run/user/"), 4096, 0755).
|
||||||
Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/65534"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/65534"), std.BindWritable).
|
||||||
Bind(m("/tmp/hakurei.0/tmpdir/9"), m("/tmp/"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/tmpdir/9"), m("/tmp/"), std.BindWritable).
|
||||||
@ -558,7 +558,7 @@ func TestOutcomeMain(t *testing.T) {
|
|||||||
Proc(m("/proc/")).
|
Proc(m("/proc/")).
|
||||||
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
|
||||||
DevWritable(m("/dev/"), true).
|
DevWritable(m("/dev/"), true).
|
||||||
Tmpfs(m("/dev/shm"), 0, 01777).
|
Tmpfs(m("/dev/shm/"), 0, 01777).
|
||||||
Tmpfs(m("/run/user/"), 4096, 0755).
|
Tmpfs(m("/run/user/"), 4096, 0755).
|
||||||
Bind(m("/tmp/hakurei.0/runtime/1"), m("/run/user/1971"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/runtime/1"), m("/run/user/1971"), std.BindWritable).
|
||||||
Bind(m("/tmp/hakurei.0/tmpdir/1"), m("/tmp/"), std.BindWritable).
|
Bind(m("/tmp/hakurei.0/tmpdir/1"), m("/tmp/"), std.BindWritable).
|
||||||
|
|||||||
@ -66,7 +66,7 @@ func TestShimEntrypoint(t *testing.T) {
|
|||||||
Proc(fhs.AbsProc).
|
Proc(fhs.AbsProc).
|
||||||
Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
||||||
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
||||||
Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777).
|
Tmpfs(fhs.AbsDevShm, 0, 01777).
|
||||||
|
|
||||||
// spRuntimeOp
|
// spRuntimeOp
|
||||||
Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
|
Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
|
||||||
|
|||||||
@ -116,7 +116,7 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
|
|||||||
state.params.Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice)
|
state.params.Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice)
|
||||||
}
|
}
|
||||||
// /dev is mounted readonly later on, this prevents /dev/shm from going readonly with it
|
// /dev is mounted readonly later on, this prevents /dev/shm from going readonly with it
|
||||||
state.params.Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777)
|
state.params.Tmpfs(fhs.AbsDevShm, 0, 01777)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -72,7 +72,7 @@ func TestSpParamsOp(t *testing.T) {
|
|||||||
Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
|
Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
|
||||||
Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
||||||
DevWritable(fhs.AbsDev, true).
|
DevWritable(fhs.AbsDev, true).
|
||||||
Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777),
|
Tmpfs(fhs.AbsDevShm, 0, 01777),
|
||||||
}, paramsWantEnv(config, map[string]string{
|
}, paramsWantEnv(config, map[string]string{
|
||||||
"TERM": "xterm",
|
"TERM": "xterm",
|
||||||
}, func(t *testing.T, state *outcomeStateParams) {
|
}, func(t *testing.T, state *outcomeStateParams) {
|
||||||
@ -110,7 +110,7 @@ func TestSpParamsOp(t *testing.T) {
|
|||||||
Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
|
Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
|
||||||
Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
|
||||||
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
|
||||||
Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777),
|
Tmpfs(fhs.AbsDevShm, 0, 01777),
|
||||||
}, paramsWantEnv(config, map[string]string{
|
}, paramsWantEnv(config, map[string]string{
|
||||||
"TERM": "xterm",
|
"TERM": "xterm",
|
||||||
}, func(t *testing.T, state *outcomeStateParams) {
|
}, func(t *testing.T, state *outcomeStateParams) {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user