path: root/crates/rebel-runner/src/init.rs
Diffstat (limited to 'crates/rebel-runner/src/init.rs')
-rw-r--r--crates/rebel-runner/src/init.rs68
1 files changed, 68 insertions, 0 deletions
diff --git a/crates/rebel-runner/src/init.rs b/crates/rebel-runner/src/init.rs
new file mode 100644
index 0000000..0172a01
--- /dev/null
+++ b/crates/rebel-runner/src/init.rs
@@ -0,0 +1,68 @@
+use nix::mount::{self, MsFlags};
+
+use rebel_common::error::*;
+
+use crate::{paths, util::fs};
+
+fn prepare_dev(path: &str) -> Result<()> {
+ fs::mkdir(path)?;
+ mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)
+ .context("Failed to bind mount container /dev")?;
+
+ for dir in ["pts", "shm"] {
+ fs::mkdir(paths::join(&[path, dir]))?;
+ }
+
+ for (link, target) in [
+ ("fd", "/proc/self/fd"),
+ ("stdin", "/proc/self/fd/0"),
+ ("stdout", "/proc/self/fd/1"),
+ ("stderr", "/proc/self/fd/2"),
+ ("ptmx", "pts/ptmx"),
+ ] {
+ let path = paths::join(&[path, link]);
+ std::os::unix::fs::symlink(target, &path)
+ .with_context(|| format!("Failed to create link {}", path))?;
+ }
+
+ for dev in ["null", "zero", "full", "random", "urandom", "tty"] {
+ let source = paths::join(&["/dev", dev]);
+ let target = paths::join(&[path, dev]);
+ fs::create(&target)?;
+ mount::mount::<str, str, str, str>(Some(&source), &target, None, MsFlags::MS_BIND, None)
+ .with_context(|| format!("Failed to bind mount {}", source))?;
+ }
+
+ mount::mount::<str, _, str, str>(
+ None,
+ path,
+ None,
+ MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
+ None,
+ )
+ .context("Failed to mount container /dev read-only")?;
+
+ Ok(())
+}
+
+pub fn init_runner() -> Result<()> {
+ fs::mkdir(paths::LAYER_STATE_DIR)?;
+ fs::mkdir(paths::OUTPUT_STATE_DIR)?;
+
+ fs::ensure_removed(paths::TMP_DIR)?;
+ fs::mkdir(paths::TMP_DIR)?;
+ mount::mount::<_, _, str, str>(
+ Some(paths::TMP_DIR),
+ paths::TMP_DIR,
+ None,
+ MsFlags::MS_BIND,
+ None,
+ )
+ .context("Failed to bind mount build tmpdir")?;
+ mount::mount::<str, _, str, str>(None, paths::TMP_DIR, None, MsFlags::MS_PRIVATE, None)
+ .context("Failed to set MS_PRIVATE for build tmpdir")?;
+
+ prepare_dev(paths::DEV_DIR)?;
+
+ Ok(())
+}
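Review bot: The read-only remount of the container /dev in prepare_dev (the `MS_REMOUNT | MS_BIND | MS_RDONLY` call) specifies only MS_RDONLY, and a remount-bind replaces the per-mount flags with exactly the set given, so any nosuid/nodev/noexec flags the directory's underlying mount carried are dropped rather than kept; since nothing under this /dev should ever be executed or be setuid, the line is better as `MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY | MsFlags::MS_NOSUID | MsFlags::MS_NOEXEC,` (MS_NODEV is deliberately left out because the device nodes are separate bind mounts and are unaffected either way). Relatedly, init_runner marks the tmpdir bind mount MS_PRIVATE but the /dev bind mount from prepare_dev gets no propagation flag; if the runner has not already unshared its mount namespace before init_runner is called (not visible here), the /dev mount and the per-device bind mounts would propagate to peers of the parent mount, so either mirror the MS_PRIVATE call for DEV_DIR or document in a comment on prepare_dev that it assumes a private mount namespace. The `ptmx -> pts/ptmx` link also presumes a devpts gets mounted at `pts` later by other code; a one-line comment saying so on the symlink table would spare the next reader from chasing that.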