diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-06-19 13:25:05 +0200 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-06-19 14:13:42 +0200 |
| commit | 512c44489c9582c40f04b8dfcdc5068c62589001 (patch) | |
| tree | 297887a70a935fcb2a2ba9c91ebcf1de723bafc3 /src | |
| parent | 204acf18eccd6c3a4dfd6320e9c24bd7c4427d2f (diff) | |
| download | rebel-512c44489c9582c40f04b8dfcdc5068c62589001.tar rebel-512c44489c9582c40f04b8dfcdc5068c62589001.zip | |
runc: adjust to new rootfs, mount home from outside container
Diffstat (limited to 'src')
| -rw-r--r-- | src/runner/runc/run.rs | 14 | ||||
| -rw-r--r-- | src/runner/runc/spec.rs | 15 |
2 files changed, 17 insertions, 12 deletions
diff --git a/src/runner/runc/run.rs b/src/runner/runc/run.rs index cb6e37d..7e9a41c 100644 --- a/src/runner/runc/run.rs +++ b/src/runner/runc/run.rs @@ -1,12 +1,13 @@ -use std::{io, process}; +use std::{fs::DirBuilder, io, process}; use nix::{ mount::{self, MsFlags}, sched::{self, CloneFlags}, + unistd, }; use serde::{Deserialize, Serialize}; -use crate::{types::*, util::ToIOResult}; +use crate::{types::*, unshare, util::ToIOResult}; use super::spec; @@ -46,6 +47,15 @@ fn init_task() -> Result<(), Error> { ) .to_io_result()?; + let workdir = "build/tmp/runc/workdir"; + DirBuilder::new().create(workdir)?; + unistd::chown( + workdir, + Some(unistd::Uid::from_raw(unshare::BUILD_UID)), + Some(unistd::Gid::from_raw(unshare::BUILD_GID)), + ) + .to_io_result()?; + Ok(()) } diff --git a/src/runner/runc/spec.rs b/src/runner/runc/spec.rs index 4335a43..42e748c 100644 --- a/src/runner/runc/spec.rs +++ b/src/runner/runc/spec.rs @@ -22,7 +22,7 @@ pub fn generate_spec(run: &str) -> runtime::Spec { "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm" ], - "cwd": "/rebel", + "cwd": "/home/build", "noNewPrivileges": true }, "root": { @@ -32,16 +32,11 @@ pub fn generate_spec(run: &str) -> runtime::Spec { "hostname": "rebel-builder", "mounts": [ { - "destination": "/rebel", - "type": "tmpfs", - "source": "tmpfs", + "destination": "/home/build", + "type": "none", + "source": "workdir", "options": [ - "nosuid", - "nodev", - "strictatime", - "mode=755", - format!("uid={}", unshare::BUILD_UID), - format!("gid={}", unshare::BUILD_GID), + "bind" ] }, { |