diff --git a/cmd/hakurei/print_test.go b/cmd/hakurei/print_test.go
index d6c60ec..2002c60 100644
--- a/cmd/hakurei/print_test.go
+++ b/cmd/hakurei/print_test.go
@@ -51,8 +51,8 @@ Filesystem
 w+ephemeral(-rwxr-xr-x):/tmp/
 w*/nix/store:/mnt-root/nix/.rw-store/upper:/mnt-root/nix/.rw-store/work:/mnt-root/nix/.ro-store
 */nix/store
- */run/current-system
- */run/opengl-driver
+ &/run/current-system:*/run/current-system
+ &/run/opengl-driver:*/run/opengl-driver
 w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium
 d+/dev/dri
@@ -128,8 +128,8 @@ Filesystem
 w+ephemeral(-rwxr-xr-x):/tmp/
 w*/nix/store:/mnt-root/nix/.rw-store/upper:/mnt-root/nix/.rw-store/work:/mnt-root/nix/.ro-store
 */nix/store
- */run/current-system
- */run/opengl-driver
+ &/run/current-system:*/run/current-system
+ &/run/opengl-driver:*/run/opengl-driver
 w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium
 d+/dev/dri
@@ -310,12 +310,16 @@ App
 "src": "/nix/store"
 },
 {
- "type": "bind",
- "src": "/run/current-system"
+ "type": "link",
+ "dst": "/run/current-system",
+ "linkname": "/run/current-system",
+ "dereference": true
 },
 {
- "type": "bind",
- "src": "/run/opengl-driver"
+ "type": "link",
+ "dst": "/run/opengl-driver",
+ "linkname": "/run/opengl-driver",
+ "dereference": true
 },
 {
 "type": "bind",
@@ -329,12 +333,6 @@ App
 "dev": true,
 "optional": true
 }
- ],
- "symlink": [
- {
- "target": "/run/user/65534",
- "linkname": "/run/user/150"
- }
 ]
 }
 },
@@ -468,12 +466,16 @@ App
 "src": "/nix/store"
 },
 {
- "type": "bind",
- "src": "/run/current-system"
+ "type": "link",
+ "dst": "/run/current-system",
+ "linkname": "/run/current-system",
+ "dereference": true
 },
 {
- "type": "bind",
- "src": "/run/opengl-driver"
+ "type": "link",
+ "dst": "/run/opengl-driver",
+ "linkname": "/run/opengl-driver",
+ "dereference": true
 },
 {
 "type": "bind",
@@ -487,12 +489,6 @@ App
 "dev": true,
 "optional": true
 }
- ],
- "symlink": [
- {
- "target": "/run/user/65534",
- "linkname": "/run/user/150"
- }
 ]
 }
 }
@@ -680,12 +676,16 @@ func Test_printPs(t *testing.T) {
 "src": "/nix/store"
 },
 {
- "type": "bind",
- "src": "/run/current-system"
+ "type": "link",
+ "dst": "/run/current-system",
+ "linkname": "/run/current-system",
+ "dereference": true
 },
 {
- "type": "bind",
- "src": "/run/opengl-driver"
+ "type": "link",
+ "dst": "/run/opengl-driver",
+ "linkname": "/run/opengl-driver",
+ "dereference": true
 },
 {
 "type": "bind",
@@ -699,12 +699,6 @@ func Test_printPs(t *testing.T) {
 "dev": true,
 "optional": true
 }
- ],
- "symlink": [
- {
- "target": "/run/user/65534",
- "linkname": "/run/user/150"
- }
 ]
 }
 },
diff --git a/cmd/hpkg/app.go b/cmd/hpkg/app.go
index cd548dc..37c114c 100644
--- a/cmd/hpkg/app.go
+++ b/cmd/hpkg/app.go
@@ -96,6 +96,9 @@ func (app *appInfo) toHst(pathSet *appPathSet, pathname *container.Absolute, arg
 Filesystem: []hst.FilesystemConfigJSON{
 {FilesystemConfig: &hst.FSBind{Target: container.AbsFHSEtc, Source: pathSet.cacheDir.Append("etc"), Special: true}},
 {FilesystemConfig: &hst.FSBind{Source: pathSet.nixPath.Append("store"), Target: pathNixStore}},
+ {FilesystemConfig: &hst.FSLink{Target: pathCurrentSystem, Linkname: app.CurrentSystem.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: pathBin, Linkname: pathSwBin.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: container.AbsFHSUsrBin, Linkname: pathSwBin.String()}},
 {FilesystemConfig: &hst.FSBind{Source: pathSet.metaPath, Target: hst.AbsTmp.Append("app")}},
 {FilesystemConfig: &hst.FSBind{Source: container.AbsFHSEtc.Append("resolv.conf"), Optional: true}},
 {FilesystemConfig: &hst.FSBind{Source: container.AbsFHSSys.Append("block"), Optional: true}},
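Review bot: In `toHst` (cmd/hpkg/app.go) the three `hst.FSLink` entries are placed between the store bind and the `metaPath` bind, while `withNixDaemon` appends them last and `withCacheDir` puts them before the bundle bind, and no comment says whether the position matters. The removed `Link` field was handled by a separate loop in `newContainer`, so if `Filesystem` entries are applied in slice order the links' position relative to the binds is now behaviour; a comment such as `// links precede the remaining binds; Filesystem order is significant` (or its opposite) should record the intent. The same three-entry set is repeated verbatim in all three functions, and a small helper returning it would keep the `/bin` and `/usr/bin` links from drifting apart. toHst's body starts and ends outside the hunk.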
@@ -104,11 +107,6 @@ func (app *appInfo) toHst(pathSet *appPathSet, pathname *container.Absolute, arg
 {FilesystemConfig: &hst.FSBind{Source: container.AbsFHSSys.Append("dev"), Optional: true}},
 {FilesystemConfig: &hst.FSBind{Source: container.AbsFHSSys.Append("devices"), Optional: true}},
 },
- Link: []hst.LinkConfig{
- {pathCurrentSystem, app.CurrentSystem.String()},
- {pathBin, pathSwBin.String()},
- {container.AbsFHSUsrBin, pathSwBin.String()},
- },
 },
 ExtraPerms: []*hst.ExtraPermConfig{
 {Path: dataHome, Execute: true},
diff --git a/cmd/hpkg/with.go b/cmd/hpkg/with.go
index 21adeec..03b2e5f 100644
--- a/cmd/hpkg/with.go
+++ b/cmd/hpkg/with.go
@@ -51,11 +51,9 @@ func withNixDaemon(
 Filesystem: []hst.FilesystemConfigJSON{
 {FilesystemConfig: &hst.FSBind{Target: container.AbsFHSEtc, Source: pathSet.cacheDir.Append("etc"), Special: true}},
 {FilesystemConfig: &hst.FSBind{Source: pathSet.nixPath, Target: pathNix, Write: true}},
- },
- Link: []hst.LinkConfig{
- {pathCurrentSystem, app.CurrentSystem.String()},
- {pathBin, pathSwBin.String()},
- {container.AbsFHSUsrBin, pathSwBin.String()},
+ {FilesystemConfig: &hst.FSLink{Target: pathCurrentSystem, Linkname: app.CurrentSystem.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: pathBin, Linkname: pathSwBin.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: container.AbsFHSUsrBin, Linkname: pathSwBin.String()}},
 },
 },
 }), dropShell, beforeFail)
@@ -90,13 +88,11 @@ func withCacheDir(
 Filesystem: []hst.FilesystemConfigJSON{
 {FilesystemConfig: &hst.FSBind{Target: container.AbsFHSEtc, Source: workDir.Append(container.FHSEtc), Special: true}},
 {FilesystemConfig: &hst.FSBind{Source: workDir.Append("nix"), Target: pathNix}},
+ {FilesystemConfig: &hst.FSLink{Target: pathCurrentSystem, Linkname: app.CurrentSystem.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: pathBin, Linkname: pathSwBin.String()}},
+ {FilesystemConfig: &hst.FSLink{Target: container.AbsFHSUsrBin, Linkname: pathSwBin.String()}},
 {FilesystemConfig: &hst.FSBind{Source: workDir, Target: hst.AbsTmp.Append("bundle")}},
 },
- Link: []hst.LinkConfig{
- {pathCurrentSystem, app.CurrentSystem.String()},
- {pathBin, pathSwBin.String()},
- {container.AbsFHSUsrBin, pathSwBin.String()},
- },
 },
 }, dropShell, beforeFail)
 }
diff --git a/hst/config.go b/hst/config.go
index 8f17de9..7ee2587 100644
--- a/hst/config.go
+++ b/hst/config.go
@@ -96,16 +96,6 @@ type (
 // container mount points;
 // if the first element targets /, it is inserted early and excluded from path hiding
 Filesystem []FilesystemConfigJSON `json:"filesystem"`
- // create symlinks inside container filesystem
- Link []LinkConfig `json:"symlink"`
- }
-
- LinkConfig struct {
- // symlink target in container
- Target *container.Absolute `json:"target"`
- // linkname the symlink points to;
- // prepend '*' to dereference an absolute pathname on host
- Linkname string `json:"linkname"`
 }
 )
diff --git a/hst/hst.go b/hst/hst.go
index 6d0f9a2..757c59a 100644
--- a/hst/hst.go
+++ b/hst/hst.go
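Review bot: Removing `Link` and its `json:"symlink"` tag in hst/config.go means a stored configuration that still carries a `"symlink"` array will probably decode without error and simply lose its links, because encoding/json ignores unknown keys unless the decoder calls `DisallowUnknownFields` (the decoding path is not visible in this diff). A sandbox that silently starts with a different filesystem layout than the one the operator wrote should be surfaced: either reject the legacy key with a clear error or document the migration to `{"type": "link", ...}` entries. The migration note should also say that the old `*` linkname prefix is replaced by `"dereference": true`, since a leftover `*/path` linkname would otherwise be taken literally. The struct these fields belong to starts outside the hunk.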
@@ -107,13 +107,12 @@ func Template() *Config {
 Work: container.MustAbs("/mnt-root/nix/.rw-store/work"),
 }},
 {&FSBind{Source: container.MustAbs("/nix/store")}},
- {&FSBind{Source: container.AbsFHSRun.Append("current-system")}},
- {&FSBind{Source: container.AbsFHSRun.Append("opengl-driver")}},
+ {&FSLink{Target: container.AbsFHSRun.Append("current-system"), Linkname: "/run/current-system", Dereference: true}},
+ {&FSLink{Target: container.AbsFHSRun.Append("opengl-driver"), Linkname: "/run/opengl-driver", Dereference: true}},
 {&FSBind{Source: container.AbsFHSVarLib.Append("hakurei/u0/org.chromium.Chromium"), Target: container.MustAbs("/data/data/org.chromium.Chromium"), Write: true}},
 {&FSBind{Source: container.AbsFHSDev.Append("dri"), Device: true, Optional: true}},
 },
- Link: []LinkConfig{{container.AbsFHSRunUser.Append("65534"), container.FHSRunUser + "150"}},
 },
 }
 }
diff --git a/hst/hst_test.go b/hst/hst_test.go
index 553533b..fec189a 100644
--- a/hst/hst_test.go
+++ b/hst/hst_test.go
@@ -135,12 +135,16 @@ func TestTemplate(t *testing.T) {
 "src": "/nix/store"
 },
 {
- "type": "bind",
- "src": "/run/current-system"
+ "type": "link",
+ "dst": "/run/current-system",
+ "linkname": "/run/current-system",
+ "dereference": true
 },
 {
- "type": "bind",
- "src": "/run/opengl-driver"
+ "type": "link",
+ "dst": "/run/opengl-driver",
+ "linkname": "/run/opengl-driver",
+ "dereference": true
 },
 {
 "type": "bind",
@@ -154,12 +158,6 @@ func TestTemplate(t *testing.T) {
 "dev": true,
 "optional": true
 }
- ],
- "symlink": [
- {
- "target": "/run/user/65534",
- "linkname": "/run/user/150"
- }
 ]
 }
 }`
diff --git a/internal/app/container_linux.go b/internal/app/container_linux.go
index d604012..b1c4fa4 100644
--- a/internal/app/container_linux.go
+++ b/internal/app/container_linux.go
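Review bot: In `Template` (hst/hst.go) each new `FSLink` spells its path twice, once as `container.AbsFHSRun.Append("current-system")` and once as the literal `"/run/current-system"`, so the target and linkname can drift apart on a later edit. Deriving the linkname from the same value, e.g. `Linkname: container.AbsFHSRun.Append("current-system").String()`, keeps them in step, assuming `String()` yields the plain pathname as the other call sites in this commit suggest. With the `/run/user/65534` entry dropped, the template and the expected JSON in hst_test.go and print_test.go contain only dereferenced links, so the non-dereferenced form of `FSLink` is no longer exercised by these fixtures; keeping one such entry would cover it. Template's body starts and ends outside the hunk.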
@@ -44,7 +44,7 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 AutoEtcPrefix: prefix,
 }
 {
- ops := make(container.Ops, 0, preallocateOpsCount+len(s.Filesystem)+len(s.Link))
+ ops := make(container.Ops, 0, preallocateOpsCount+len(s.Filesystem))
 params.Ops = &ops
 as.Ops = &ops
 }
@@ -231,19 +231,6 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 }
 }
- for i, l := range s.Link {
- if l.Target == nil || l.Linkname == "" {
- return nil, nil, fmt.Errorf("invalid link at index %d", i)
- }
- linkname := l.Linkname
- var dereference bool
- if linkname[0] == '*' && path.IsAbs(linkname[1:]) {
- linkname = linkname[1:]
- dereference = true
- }
- params.Link(l.Target, linkname, dereference)
- }
-
 // no more ContainerConfig paths beyond this point
 if !s.Device {
 params.Remount(container.AbsFHSDev, syscall.MS_RDONLY)
diff --git a/nixos.nix b/nixos.nix
index c2858e9..62e981f 100644
--- a/nixos.nix
+++ b/nixos.nix
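Review bot: The loop removed from `newContainer` in internal/app/container_linux.go (second hunk) was the only visible place that rejected a link with a nil `Target` or an empty `Linkname`, and that required an absolute path before dereferencing a host pathname; this diff does not show where `FSLink` performs the equivalent checks. Because `Dereference` resolves a path on the host, the link handling should refuse a nil target, an empty linkname, and a non-absolute linkname when `Dereference` is set, with a test for each rejection. If `fmt` and `path` were imported only for this loop, the imports also have to go or the file will not compile; the import block is outside the hunk. newContainer's body starts and ends outside the hunk.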
@@ -188,28 +188,29 @@ in
 src = "/etc/";
 special = true;
 }
- ];
-
- symlink = [
- {
- target = "/run/current-system";
- linkname = "*/run/current-system";
- }
- ]
- ++ optionals (isGraphical && config.hardware.graphics.enable) (
- [
 {
- target = "/run/opengl-driver";
- linkname = config.systemd.tmpfiles.settings.graphics-driver."/run/opengl-driver"."L+".argument;
+ type = "link";
+ dst = "/run/current-system";
+ linkname = "/run/current-system";
+ dereference = true;
 }
 ]
- ++ optionals (app.multiarch && config.hardware.graphics.enable32Bit) [
- {
- target = "/run/opengl-driver-32";
- linkname = config.systemd.tmpfiles.settings.graphics-driver."/run/opengl-driver-32"."L+".argument;
- }
- ]
- );
+ ++ optionals (isGraphical && config.hardware.graphics.enable) (
+ [
+ {
+ type = "link";
+ dst = "/run/opengl-driver";
+ linkname = config.systemd.tmpfiles.settings.graphics-driver."/run/opengl-driver"."L+".argument;
+ }
+ ]
+ ++ optionals (app.multiarch && config.hardware.graphics.enable32Bit) [
+ {
+ type = "link";
+ dst = "/run/opengl-driver-32";
+ linkname = config.systemd.tmpfiles.settings.graphics-driver."/run/opengl-driver-32"."L+".argument;
+ }
+ ]
+ );
 };
 };