author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-10-25 00:19:45 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-10-25 00:19:45 +0200 |
commit | 34ac18d20c13a78914d447fee83204811a27b1e4 (patch) | |
tree | 56763d4ea46927105fcc6a71e03d5bd75a6947a6 /crates/runner/src/init.rs | |
parent | a1a185370da27f2cc3df84d3a8d7141f9ce7db16 (diff) | |
Move runner into separate crate
Diffstat (limited to 'crates/runner/src/init.rs')
-rw-r--r-- | crates/runner/src/init.rs | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/crates/runner/src/init.rs b/crates/runner/src/init.rs
new file mode 100644
index 0000000..783faf4
--- /dev/null
+++ b/crates/runner/src/init.rs
@@ -0,0 +1,71 @@
+use std::fs::File;
+
+use nix::mount::{self, MsFlags};
+
+use common::error::*;
+
+use super::{tar, util::fs};
+use crate::paths;
+
+fn prepare_rootfs(rootfs: &str) -> Result<()> {
+ tar::unpack(File::open(paths::ROOTFS_ARCHIVE)?, rootfs)
+ .context("Unpacking build container rootfs failed")?;
+
+ mount::mount::<_, _, str, str>(Some(rootfs), rootfs, None, MsFlags::MS_BIND, None)
+ .context("Failed to bind mount container rootfs")?;
+
+ for dir in IntoIterator::into_iter(["pts", "shm"]) {
+ fs::mkdir(paths::join(&[rootfs, "dev", dir]))?;
+ }
+
+ for (link, target) in IntoIterator::into_iter([
+ ("fd", "/proc/self/fd"),
+ ("stdin", "/proc/self/fd/0"),
+ ("stdout", "/proc/self/fd/1"),
+ ("stderr", "/proc/self/fd/2"),
+ ("ptmx", "pts/ptmx"),
+ ]) {
+ let path = paths::join(&[rootfs, "dev", link]);
+ std::os::unix::fs::symlink(target, &path)
+ .with_context(|| format!("Failed to create link {}", path))?;
+ }
+
+ for dev in IntoIterator::into_iter(["null", "zero", "full", "random", "urandom", "tty"]) {
+ let source = paths::join(&["/dev", dev]);
+ let target = paths::join(&[rootfs, "dev", dev]);
+ fs::create(&target)?;
+ mount::mount::<str, str, str, str>(Some(&source), &target, None, MsFlags::MS_BIND, None)
+ .with_context(|| format!("Failed to bind mount {}", source))?;
+ }
+
+ mount::mount::<str, _, str, str>(
+ None,
+ rootfs,
+ None,
+ MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
+ None,
+ )
+ .context("Failed to mount container rootfs read-only")?;
+
+ Ok(())
+}
+
+pub fn init_runner() -> Result<()> {
+ fs::mkdir(paths::LAYER_STATE_DIR)?;
+ fs::mkdir(paths::OUTPUT_STATE_DIR)?;
+
+ mount::mount::<_, _, _, str>(
+ Some("buildtmp"),
+ paths::TMP_DIR,
+ Some("tmpfs"),
+ MsFlags::empty(),
+ None,
+ )
+ .context("Mounting build tmpfs failed")?;
+ mount::mount::<str, _, str, str>(None, paths::TMP_DIR, None, MsFlags::MS_PRIVATE, None)
+ .context("Failed to set MS_PRIVATE for build tmpfs")?;
+
+ prepare_rootfs(paths::ROOTFS_DIR)?;
+
+ Ok(())
+} |
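Review bot: In `init_runner` the tmpfs is mounted on `paths::TMP_DIR` before it is marked `MS_PRIVATE`, so if the parent mount is still shared at that point the tmpfs mount event itself can propagate to peer mount namespaces; the later call only stops propagation of mounts made beneath it. Whether the caller has already made the namespace private is not visible in this file, so either record that precondition in a doc comment on `init_runner`, for example `/// Must run in a mount namespace whose root mount is already private.`, or add `mount::mount::<str, _, str, str>(None, "/", None, MsFlags::MS_REC | MsFlags::MS_PRIVATE, None)` ahead of the tmpfs mount. Separately, `prepare_rootfs` returns on the first error without undoing the bind mounts it has already made, which is safe only if the process exits and its mount namespace is torn down on failure; a short comment stating that assumption would help.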