hst/fs: interface filesystem config
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m14s
Test / Hakurei (push) Successful in 3m37s
Test / Hpkg (push) Successful in 4m27s
Test / Sandbox (race detector) (push) Successful in 4m23s
Test / Hakurei (race detector) (push) Successful in 5m22s
Test / Flake checks (push) Successful in 1m22s
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m14s
Test / Hakurei (push) Successful in 3m37s
Test / Hpkg (push) Successful in 4m27s
Test / Sandbox (race detector) (push) Successful in 4m23s
Test / Hakurei (race detector) (push) Successful in 5m22s
Test / Flake checks (push) Successful in 1m22s
This allows mount points to be represented by different underlying structs. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -128,42 +128,11 @@ func printShowInstance(
|
||||
if config.Container != nil && len(config.Container.Filesystem) > 0 {
|
||||
t.Printf("Filesystem\n")
|
||||
for _, f := range config.Container.Filesystem {
|
||||
g := 4
|
||||
if f.Src == nil {
|
||||
if !f.Valid() {
|
||||
t.Println(" <invalid>")
|
||||
continue
|
||||
} else {
|
||||
g += len(f.Src.String())
|
||||
}
|
||||
if f.Dst != nil {
|
||||
g += len(f.Dst.String())
|
||||
}
|
||||
|
||||
expr := new(strings.Builder)
|
||||
expr.Grow(g)
|
||||
|
||||
if f.Device {
|
||||
expr.WriteString(" d")
|
||||
} else if f.Write {
|
||||
expr.WriteString(" w")
|
||||
} else {
|
||||
expr.WriteString(" ")
|
||||
}
|
||||
if f.Must {
|
||||
expr.WriteString("*")
|
||||
} else {
|
||||
expr.WriteString("+")
|
||||
}
|
||||
src := f.Src.String()
|
||||
if src != container.Nonexistent {
|
||||
expr.WriteString(src)
|
||||
} else {
|
||||
expr.WriteString("tmpfs")
|
||||
}
|
||||
if f.Dst != nil {
|
||||
expr.WriteString(":" + f.Dst.String())
|
||||
}
|
||||
t.Printf("%s\n", expr.String())
|
||||
t.Printf(" %s\n", f)
|
||||
}
|
||||
t.Printf("\n")
|
||||
}
|
||||
|
||||
@@ -48,11 +48,10 @@ func Test_printShowInstance(t *testing.T) {
|
||||
Arguments: chromium --ignore-gpu-blocklist --disable-smooth-scrolling --enable-features=UseOzonePlatform --ozone-platform=wayland
|
||||
|
||||
Filesystem
|
||||
w+tmpfs:/tmp/
|
||||
+/nix/store
|
||||
+/run/current-system
|
||||
+/run/opengl-driver
|
||||
+/var/db/nix-channels
|
||||
w+ephemeral(-rwxr-xr-x):/tmp/
|
||||
*/nix/store
|
||||
*/run/current-system
|
||||
*/run/opengl-driver
|
||||
w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium
|
||||
d+/dev/dri
|
||||
|
||||
@@ -86,7 +85,7 @@ App
|
||||
Etc: /etc/
|
||||
|
||||
`},
|
||||
{"config nil entries", nil, &hst.Config{Container: &hst.ContainerConfig{Filesystem: make([]hst.FilesystemConfig, 1)}, ExtraPerms: make([]*hst.ExtraPermConfig, 1)}, false, false, `App
|
||||
{"config nil entries", nil, &hst.Config{Container: &hst.ContainerConfig{Filesystem: make([]hst.FilesystemConfigJSON, 1)}, ExtraPerms: make([]*hst.ExtraPermConfig, 1)}, false, false, `App
|
||||
Identity: 0
|
||||
Enablements: (no enablements)
|
||||
Flags: none
|
||||
@@ -127,11 +126,10 @@ App
|
||||
Arguments: chromium --ignore-gpu-blocklist --disable-smooth-scrolling --enable-features=UseOzonePlatform --ozone-platform=wayland
|
||||
|
||||
Filesystem
|
||||
w+tmpfs:/tmp/
|
||||
+/nix/store
|
||||
+/run/current-system
|
||||
+/run/opengl-driver
|
||||
+/var/db/nix-channels
|
||||
w+ephemeral(-rwxr-xr-x):/tmp/
|
||||
*/nix/store
|
||||
*/run/current-system
|
||||
*/run/opengl-driver
|
||||
w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium
|
||||
d+/dev/dri
|
||||
|
||||
@@ -275,31 +273,34 @@ App
|
||||
"device": true,
|
||||
"filesystem": [
|
||||
{
|
||||
"type": "ephemeral",
|
||||
"dst": "/tmp/",
|
||||
"src": "/proc/nonexistent",
|
||||
"write": true
|
||||
"write": true,
|
||||
"perm": 493
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/nix/store"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/current-system"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/opengl-driver"
|
||||
},
|
||||
{
|
||||
"src": "/var/db/nix-channels"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"dst": "/data/data/org.chromium.Chromium",
|
||||
"src": "/var/lib/hakurei/u0/org.chromium.Chromium",
|
||||
"write": true,
|
||||
"require": true
|
||||
"write": true
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/dev/dri",
|
||||
"dev": true
|
||||
"dev": true,
|
||||
"optional": true
|
||||
}
|
||||
],
|
||||
"symlink": [
|
||||
@@ -407,31 +408,34 @@ App
|
||||
"device": true,
|
||||
"filesystem": [
|
||||
{
|
||||
"type": "ephemeral",
|
||||
"dst": "/tmp/",
|
||||
"src": "/proc/nonexistent",
|
||||
"write": true
|
||||
"write": true,
|
||||
"perm": 493
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/nix/store"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/current-system"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/opengl-driver"
|
||||
},
|
||||
{
|
||||
"src": "/var/db/nix-channels"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"dst": "/data/data/org.chromium.Chromium",
|
||||
"src": "/var/lib/hakurei/u0/org.chromium.Chromium",
|
||||
"write": true,
|
||||
"require": true
|
||||
"write": true
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/dev/dri",
|
||||
"dev": true
|
||||
"dev": true,
|
||||
"optional": true
|
||||
}
|
||||
],
|
||||
"symlink": [
|
||||
@@ -593,31 +597,34 @@ func Test_printPs(t *testing.T) {
|
||||
"device": true,
|
||||
"filesystem": [
|
||||
{
|
||||
"type": "ephemeral",
|
||||
"dst": "/tmp/",
|
||||
"src": "/proc/nonexistent",
|
||||
"write": true
|
||||
"write": true,
|
||||
"perm": 493
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/nix/store"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/current-system"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/run/opengl-driver"
|
||||
},
|
||||
{
|
||||
"src": "/var/db/nix-channels"
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"dst": "/data/data/org.chromium.Chromium",
|
||||
"src": "/var/lib/hakurei/u0/org.chromium.Chromium",
|
||||
"write": true,
|
||||
"require": true
|
||||
"write": true
|
||||
},
|
||||
{
|
||||
"type": "bind",
|
||||
"src": "/dev/dri",
|
||||
"dev": true
|
||||
"dev": true,
|
||||
"optional": true
|
||||
}
|
||||
],
|
||||
"symlink": [
|
||||
|
||||
@@ -91,15 +91,15 @@ func (app *appInfo) toHst(pathSet *appPathSet, pathname *container.Absolute, arg
|
||||
Device: app.Device,
|
||||
Tty: app.Tty || flagDropShell,
|
||||
MapRealUID: app.MapRealUID,
|
||||
Filesystem: []hst.FilesystemConfig{
|
||||
{Src: pathSet.nixPath.Append("store"), Dst: pathNixStore, Must: true},
|
||||
{Src: pathSet.metaPath, Dst: hst.AbsTmp.Append("app"), Must: true},
|
||||
{Src: container.AbsFHSEtc.Append("resolv.conf")},
|
||||
{Src: container.AbsFHSSys.Append("block")},
|
||||
{Src: container.AbsFHSSys.Append("bus")},
|
||||
{Src: container.AbsFHSSys.Append("class")},
|
||||
{Src: container.AbsFHSSys.Append("dev")},
|
||||
{Src: container.AbsFHSSys.Append("devices")},
|
||||
Filesystem: []hst.FilesystemConfigJSON{
|
||||
{FilesystemConfig: &hst.FSBind{Src: pathSet.nixPath.Append("store"), Dst: pathNixStore}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: pathSet.metaPath, Dst: hst.AbsTmp.Append("app")}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSEtc.Append("resolv.conf"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("block"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("bus"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("class"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("dev"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("devices"), Optional: true}},
|
||||
},
|
||||
Link: []hst.LinkConfig{
|
||||
{pathCurrentSystem, app.CurrentSystem.String()},
|
||||
|
||||
@@ -274,13 +274,13 @@ func main() {
|
||||
"--override-input nixpkgs path:/etc/nixpkgs " +
|
||||
"path:" + a.NixGL + "#nixVulkanNvidia",
|
||||
}, true, func(config *hst.Config) *hst.Config {
|
||||
config.Container.Filesystem = append(config.Container.Filesystem, []hst.FilesystemConfig{
|
||||
{Src: container.AbsFHSEtc.Append("resolv.conf")},
|
||||
{Src: container.AbsFHSSys.Append("block")},
|
||||
{Src: container.AbsFHSSys.Append("bus")},
|
||||
{Src: container.AbsFHSSys.Append("class")},
|
||||
{Src: container.AbsFHSSys.Append("dev")},
|
||||
{Src: container.AbsFHSSys.Append("devices")},
|
||||
config.Container.Filesystem = append(config.Container.Filesystem, []hst.FilesystemConfigJSON{
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSEtc.Append("resolv.conf"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("block"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("bus"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("class"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("dev"), Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSSys.Append("devices"), Optional: true}},
|
||||
}...)
|
||||
appendGPUFilesystem(config)
|
||||
return config
|
||||
@@ -308,7 +308,7 @@ func main() {
|
||||
|
||||
if a.GPU {
|
||||
config.Container.Filesystem = append(config.Container.Filesystem,
|
||||
hst.FilesystemConfig{Src: pathSet.nixPath.Append(".nixGL"), Dst: hst.AbsTmp.Append("nixGL")})
|
||||
hst.FilesystemConfigJSON{FilesystemConfig: &hst.FSBind{Src: pathSet.nixPath.Append(".nixGL"), Dst: hst.AbsTmp.Append("nixGL")}})
|
||||
appendGPUFilesystem(config)
|
||||
}
|
||||
|
||||
|
||||
@@ -87,30 +87,30 @@ func pathSetByApp(id string) *appPathSet {
|
||||
}
|
||||
|
||||
func appendGPUFilesystem(config *hst.Config) {
|
||||
config.Container.Filesystem = append(config.Container.Filesystem, []hst.FilesystemConfig{
|
||||
config.Container.Filesystem = append(config.Container.Filesystem, []hst.FilesystemConfigJSON{
|
||||
// flatpak commit 763a686d874dd668f0236f911de00b80766ffe79
|
||||
{Src: container.AbsFHSDev.Append("dri"), Device: true},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("dri"), Device: true, Optional: true}},
|
||||
// mali
|
||||
{Src: container.AbsFHSDev.Append("mali"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("mali0"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("umplock"), Device: true},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("mali"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("mali0"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("umplock"), Device: true, Optional: true}},
|
||||
// nvidia
|
||||
{Src: container.AbsFHSDev.Append("nvidiactl"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia-modeset"), Device: true},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidiactl"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia-modeset"), Device: true, Optional: true}},
|
||||
// nvidia OpenCL/CUDA
|
||||
{Src: container.AbsFHSDev.Append("nvidia-uvm"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia-uvm-tools"), Device: true},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia-uvm"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia-uvm-tools"), Device: true, Optional: true}},
|
||||
|
||||
// flatpak commit d2dff2875bb3b7e2cd92d8204088d743fd07f3ff
|
||||
{Src: container.AbsFHSDev.Append("nvidia0"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia1"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia2"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia3"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia4"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia5"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia6"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia7"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia8"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia9"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia10"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia11"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia12"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia13"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia14"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia15"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia16"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia17"), Device: true},
|
||||
{Src: container.AbsFHSDev.Append("nvidia18"), Device: true}, {Src: container.AbsFHSDev.Append("nvidia19"), Device: true},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia0"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia1"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia2"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia3"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia4"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia5"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia6"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia7"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia8"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia9"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia10"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia11"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia12"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia13"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia14"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia15"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia16"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia17"), Device: true, Optional: true}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia18"), Device: true, Optional: true}}, {FilesystemConfig: &hst.FSBind{Src: container.AbsFHSDev.Append("nvidia19"), Device: true, Optional: true}},
|
||||
}...)
|
||||
}
|
||||
|
||||
@@ -48,8 +48,8 @@ func withNixDaemon(
|
||||
Net: net,
|
||||
SeccompFlags: seccomp.AllowMultiarch,
|
||||
Tty: dropShell,
|
||||
Filesystem: []hst.FilesystemConfig{
|
||||
{Src: pathSet.nixPath, Dst: pathNix, Write: true, Must: true},
|
||||
Filesystem: []hst.FilesystemConfigJSON{
|
||||
{FilesystemConfig: &hst.FSBind{Src: pathSet.nixPath, Dst: pathNix, Write: true}},
|
||||
},
|
||||
Link: []hst.LinkConfig{
|
||||
{pathCurrentSystem, app.CurrentSystem.String()},
|
||||
@@ -88,9 +88,9 @@ func withCacheDir(
|
||||
Hostname: formatHostname(app.Name) + "-" + action,
|
||||
SeccompFlags: seccomp.AllowMultiarch,
|
||||
Tty: dropShell,
|
||||
Filesystem: []hst.FilesystemConfig{
|
||||
{Src: workDir.Append("nix"), Dst: pathNix, Must: true},
|
||||
{Src: workDir, Dst: hst.AbsTmp.Append("bundle"), Must: true},
|
||||
Filesystem: []hst.FilesystemConfigJSON{
|
||||
{FilesystemConfig: &hst.FSBind{Src: workDir.Append("nix"), Dst: pathNix}},
|
||||
{FilesystemConfig: &hst.FSBind{Src: workDir, Dst: hst.AbsTmp.Append("bundle")}},
|
||||
},
|
||||
Link: []hst.LinkConfig{
|
||||
{pathCurrentSystem, app.CurrentSystem.String()},
|
||||
|
||||
Reference in New Issue
Block a user