Diffstat (limited to 'crates/runner/src/init.rs')
-rw-r--r--crates/runner/src/init.rs33
1 files changed, 25 insertions, 8 deletions
diff --git a/crates/runner/src/init.rs b/crates/runner/src/init.rs
index 07631ea..ad37cf0 100644
--- a/crates/runner/src/init.rs
+++ b/crates/runner/src/init.rs
@@ -7,15 +7,31 @@ use common::error::*;
use super::{tar, util::fs};
use crate::paths;
-fn prepare_rootfs(rootfs: &str) -> Result<()> {
- tar::unpack(File::open(paths::ROOTFS_ARCHIVE)?, rootfs)
+fn prepare_rootfs(path: &str) -> Result<()> {
+ tar::unpack(File::open(paths::ROOTFS_ARCHIVE)?, path)
.context("Unpacking build container rootfs failed")?;
- mount::mount::<_, _, str, str>(Some(rootfs), rootfs, None, MsFlags::MS_BIND, None)
+ mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)
.context("Failed to bind mount container rootfs")?;
+ mount::mount::<str, _, str, str>(
+ None,
+ path,
+ None,
+ MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
+ None,
+ )
+ .context("Failed to mount container rootfs read-only")?;
+
+ Ok(())
+}
+
+fn prepare_dev(path: &str) -> Result<()> {
+ fs::mkdir(path)?;
+ mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)
+ .context("Failed to bind mount container /dev")?;
for dir in ["pts", "shm"] {
- fs::mkdir(paths::join(&[rootfs, "dev", dir]))?;
+ fs::mkdir(paths::join(&[path, dir]))?;
}
for (link, target) in [
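Review bot: The new read-only remount in `prepare_rootfs` passes only `MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY`, so setuid bits and any device nodes contained in the unpacked archive remain effective inside the build container. Unless the build relies on setuid binaries in the rootfs (not visible here), the flags line could read `MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY | MsFlags::MS_NOSUID | MsFlags::MS_NODEV,`. As far as this diff shows, the device nodes the container needs are bind-mounted separately in `prepare_dev`, so `MS_NODEV` on the rootfs mount should not affect them. The same applies to the /dev remount in the third hunk, where `MS_NOSUID | MS_NOEXEC` are the usual additions. `prepare_dev` starts in this hunk and its body continues outside it.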
@@ -25,14 +41,14 @@ fn prepare_rootfs(rootfs: &str) -> Result<()> {
("stderr", "/proc/self/fd/2"),
("ptmx", "pts/ptmx"),
] {
- let path = paths::join(&[rootfs, "dev", link]);
+ let path = paths::join(&[path, link]);
std::os::unix::fs::symlink(target, &path)
.with_context(|| format!("Failed to create link {}", path))?;
}
for dev in ["null", "zero", "full", "random", "urandom", "tty"] {
let source = paths::join(&["/dev", dev]);
- let target = paths::join(&[rootfs, "dev", dev]);
+ let target = paths::join(&[path, dev]);
fs::create(&target)?;
mount::mount::<str, str, str, str>(Some(&source), &target, None, MsFlags::MS_BIND, None)
.with_context(|| format!("Failed to bind mount {}", source))?;
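Review bot: Inside the symlink loop, `let path = paths::join(&[path, link]);` shadows the `path` parameter of `prepare_dev` with the per-link path, which makes it easy for a later edit in that loop to pass the link path where the /dev directory was meant. A distinct name keeps the two apart: `let link_path = paths::join(&[path, link]);`, with `symlink(target, &link_path)` and the `format!` argument updated to match. Both loops belong to `prepare_dev`, whose body starts and ends outside this hunk.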
@@ -40,12 +56,12 @@ fn prepare_rootfs(rootfs: &str) -> Result<()> {
mount::mount::<str, _, str, str>(
None,
- rootfs,
+ path,
None,
MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
None,
)
- .context("Failed to mount container rootfs read-only")?;
+ .context("Failed to mount container /dev read-only")?;
Ok(())
}
@@ -68,6 +84,7 @@ pub fn init_runner() -> Result<()> {
.context("Failed to set MS_PRIVATE for build tmpdir")?;
prepare_rootfs(paths::ROOTFS_DIR)?;
+ prepare_dev(paths::DEV_DIR)?;
Ok(())
}
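Review bot: `prepare_dev(paths::DEV_DIR)?` now runs after `prepare_rootfs` has already remounted the rootfs read-only, so it appears to require that `DEV_DIR` lies outside `ROOTFS_DIR`; otherwise the symlink and file creation in `prepare_dev` would hit a read-only mount. Neither constant is defined in this diff. If that is the intent, a comment above the call would record it, e.g. `// DEV_DIR must be outside ROOTFS_DIR: the rootfs is already read-only here`. Where the populated /dev is later attached to the container is also not visible here and is worth stating in a doc comment on `prepare_dev`. `init_runner` starts outside this hunk.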