hst/container: remove cover

This was never useful, and is now completely replaced by regular FilesystemConfig being able to mount tmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
Ophestra 2025-08-02 00:34:52 +09:00
parent 2b1eaa62f1
commit b32b1975a8
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
8 changed files with 28 additions and 33 deletions


@ -114,10 +114,6 @@ func printShowInstance(
}
t.Printf(" Etc:\t%s\n", etc)
if len(container.Cover) > 0 {
t.Printf(" Cover:\t%s\n", strings.Join(container.Cover, " "))
}
t.Printf(" Path:\t%s\n", config.Path)
}
if len(config.Args) > 0 {


@ -44,11 +44,11 @@ func Test_printShowInstance(t *testing.T) {
Flags: userns devel net device tty mapuid autoetc
Root: /var/lib/hakurei/base/org.debian (2)
Etc: /etc
Cover: /var/run/nscd
Path: /run/current-system/sw/bin/chromium
Arguments: chromium --ignore-gpu-blocklist --disable-smooth-scrolling --enable-features=UseOzonePlatform --ozone-platform=wayland
Filesystem
w+tmpfs:/tmp
+/nix/store
+/run/current-system
+/run/opengl-driver
@ -124,11 +124,11 @@ App
Flags: userns devel net device tty mapuid autoetc
Root: /var/lib/hakurei/base/org.debian (2)
Etc: /etc
Cover: /var/run/nscd
Path: /run/current-system/sw/bin/chromium
Arguments: chromium --ignore-gpu-blocklist --disable-smooth-scrolling --enable-features=UseOzonePlatform --ozone-platform=wayland
Filesystem
w+tmpfs:/tmp
+/nix/store
+/run/current-system
+/run/opengl-driver
@ -275,6 +275,11 @@ App
"map_real_uid": true,
"device": true,
"filesystem": [
{
"dst": "/tmp",
"src": "tmpfs",
"write": true
},
{
"src": "/nix/store"
},
@ -307,10 +312,7 @@ App
"auto_root": "/var/lib/hakurei/base/org.debian",
"root_flags": 2,
"etc": "/etc",
"auto_etc": true,
"cover": [
"/var/run/nscd"
]
"auto_etc": true
}
},
"time": "1970-01-01T00:00:00.000000009Z"
@ -405,6 +407,11 @@ App
"map_real_uid": true,
"device": true,
"filesystem": [
{
"dst": "/tmp",
"src": "tmpfs",
"write": true
},
{
"src": "/nix/store"
},
@ -437,10 +444,7 @@ App
"auto_root": "/var/lib/hakurei/base/org.debian",
"root_flags": 2,
"etc": "/etc",
"auto_etc": true,
"cover": [
"/var/run/nscd"
]
"auto_etc": true
}
}
`},
@ -589,6 +593,11 @@ func Test_printPs(t *testing.T) {
"map_real_uid": true,
"device": true,
"filesystem": [
{
"dst": "/tmp",
"src": "tmpfs",
"write": true
},
{
"src": "/nix/store"
},
@ -621,10 +630,7 @@ func Test_printPs(t *testing.T) {
"auto_root": "/var/lib/hakurei/base/org.debian",
"root_flags": 2,
"etc": "/etc",
"auto_etc": true,
"cover": [
"/var/run/nscd"
]
"auto_etc": true
}
},
"time": "1970-01-01T00:00:00.000000009Z"


@ -69,9 +69,6 @@ type (
Etc string `json:"etc,omitempty"`
// automatically set up /etc symlinks
AutoEtc bool `json:"auto_etc"`
// cover these paths or create them if they do not already exist
Cover []string `json:"cover"`
}
// FilesystemConfig is an abstract representation of a bind mount.


@ -78,6 +78,7 @@ func Template() *Config {
"GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT",
},
Filesystem: []*FilesystemConfig{
{Dst: "/tmp", Src: SourceTmpfs, Write: true},
{Src: "/nix/store"},
{Src: "/run/current-system"},
{Src: "/run/opengl-driver"},
@ -91,7 +92,6 @@ func Template() *Config {
RootFlags: container.BindWritable,
Etc: "/etc",
AutoEtc: true,
Cover: []string{"/var/run/nscd"},
},
}
}
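Review bot: The entry added to `Filesystem` mounts a tmpfs on `/tmp`, but the `Cover: []string{"/var/run/nscd"}` line removed in the second hunk masked `/var/run/nscd`, so the template no longer hides that path inside the container. If the mask is still intended in the example, an entry of the same form, `{Dst: "/var/run/nscd", Src: SourceTmpfs, Write: true},`, would carry it over. The size and mode such an entry receives are not visible here and should be checked against the old `Tmpfs(dest, 1<<13, 0755)` call. Existing configurations that still carry a `"cover"` key are presumably ignored silently on decode unless the loader rejects unknown fields, so a migration note or a decode-time error would help users notice the lost mask. `Template` begins outside these hunks.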


@ -97,6 +97,11 @@ func TestTemplate(t *testing.T) {
"map_real_uid": true,
"device": true,
"filesystem": [
{
"dst": "/tmp",
"src": "tmpfs",
"write": true
},
{
"src": "/nix/store"
},
@ -129,10 +134,7 @@ func TestTemplate(t *testing.T) {
"auto_root": "/var/lib/hakurei/base/org.debian",
"root_flags": 2,
"etc": "/etc",
"auto_etc": true,
"cover": [
"/var/run/nscd"
]
"auto_etc": true
}
}`


@ -28,7 +28,6 @@ var testCasesNixos = []sealTestCase{
{Src: "/sys/block"}, {Src: "/sys/bus"}, {Src: "/sys/class"}, {Src: "/sys/dev"}, {Src: "/sys/devices"},
{Src: "/run/opengl-driver", Must: true}, {Src: "/dev/dri", Device: true},
},
Cover: []string{"/var/run/nscd"},
},
SystemBus: &dbus.Config{
Talk: []string{"org.bluez", "org.freedesktop.Avahi", "org.freedesktop.UPower"},
@ -143,7 +142,6 @@ var testCasesNixos = []sealTestCase{
Place(hst.Tmp+"/pulse-cookie", nil).
Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", "/run/user/1971/bus", 0).
Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket", 0).
Tmpfs("/var/run/nscd", 8192, 0755).
Remount("/", syscall.MS_RDONLY),
SeccompPresets: seccomp.PresetExt | seccomp.PresetDenyTTY | seccomp.PresetDenyDevel,
HostNet: true,


@ -40,7 +40,7 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
}
{
ops := make(container.Ops, 0, preallocateOpsCount+len(s.Filesystem)+len(s.Link)+len(s.Cover))
ops := make(container.Ops, 0, preallocateOpsCount+len(s.Filesystem)+len(s.Link))
params.Ops = &ops
}


@ -474,10 +474,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
}
}
for _, dest := range config.Container.Cover {
seal.container.Tmpfs(dest, 1<<13, 0755)
}
// mount root read-only as the final setup Op
seal.container.Remount("/", syscall.MS_RDONLY)