authorAlexander Larsson <alexl@redhat.com>2016-05-03 15:18:18 +0200
committerColin Walters (automation) <walters+githubbot@verbum.org>2016-05-06 11:05:11 +0000
commit8a53e3a6647fe3fcece7a6ebb2a02e75a1155484 (patch)
tree92b036d3fead6ef3b5866ea47bd23717a491251d
parentc6ad6021b3ee1ce1515a3fce4b3b73cf180317e0 (diff)
Add --tmpfs argument
This is very useful if you want to cover some area of the filesystem, or if you want to make some part of a read-only tree writable. Closes: #42 Approved by: cgwalters
-rw-r--r--bubblewrap.c25
-rw-r--r--bwrap.xml4
2 files changed, 28 insertions, 1 deletions
diff --git a/bubblewrap.c b/bubblewrap.c
index 9f9d729..b0bf0f7 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -52,6 +52,7 @@ typedef enum {
SETUP_DEV_BIND_MOUNT,
SETUP_MOUNT_PROC,
SETUP_MOUNT_DEV,
+ SETUP_MOUNT_TMPFS,
SETUP_MAKE_DIR,
SETUP_MAKE_FILE,
SETUP_MAKE_BIND_FILE,
@@ -155,6 +156,7 @@ usage (int ecode)
" --file-label LABEL File label for temporary sandbox content\n"
" --proc DEST Mount procfs on DEST\n"
" --dev DEST Mount new dev on DEST\n"
+ " --tmpfs DEST Mount new tmpfs on DEST\n"
" --dir DEST Create dir at DEST\n"
" --file FD DEST Copy from FD to dest DEST\n"
" --bind-data FD DEST Copy from FD to file which is bind-mounted on DEST\n"
@@ -504,7 +506,7 @@ privileged_op (int privileged_op_socket,
case PRIV_SEP_OP_TMPFS_MOUNT:
{
cleanup_free char *opt = label_mount ("mode=0755", opt_file_label);
- if (mount ("tmpfs", arg1, "tmpfs", MS_MGC_VAL | MS_NOSUID | MS_NOEXEC, opt) != 0)
+ if (mount ("tmpfs", arg1, "tmpfs", MS_MGC_VAL | MS_NOSUID | MS_NODEV, opt) != 0)
die_with_error ("Can't mount tmpfs on %s", arg1);
break;
}
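Review bot: The changed `mount ("tmpfs", ...)` line drops `MS_NOEXEC` for every user of `PRIV_SEP_OP_TMPFS_MOUNT`, not only the new `--tmpfs` option, and neither the commit message nor the code records that. The op existed before this commit, so any earlier caller presumably now gets an executable tmpfs as well; please confirm that is intended. Adding `MS_NODEV` next to `MS_NOSUID` is a sensible hardening for a mount whose contents the sandboxed process can write. If allowing exec is deliberate, a comment above the call would capture the policy, e.g. `/* nosuid,nodev: no setuid binaries or device nodes on sandbox-writable tmpfs; exec is allowed so --tmpfs can hold programs */`. The body of `privileged_op` starts and ends outside this hunk.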
@@ -670,6 +672,16 @@ setup_newroot (bool unshare_pid,
break;
+ case SETUP_MOUNT_TMPFS:
+ if (mkdir (dest, 0755) != 0 && errno != EEXIST)
+ die_with_error ("Can't mkdir %s", op->dest);
+
+ privileged_op (privileged_op_socket,
+ PRIV_SEP_OP_TMPFS_MOUNT, 0,
+ dest, NULL);
+
+ break;
+
case SETUP_MAKE_DIR:
if (mkdir (dest, 0755) != 0 && errno != EEXIST)
die_with_error ("Can't mkdir %s", op->dest);
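Review bot: In the new `SETUP_MOUNT_TMPFS` case, `mkdir (dest, 0755) != 0 && errno != EEXIST` treats any existing path as acceptable, so `dest` may be a regular file or a symlink when it is handed to the privileged mount helper. `mount(2)` resolves a symlink in the target, so it is worth confirming that `dest` cannot resolve to somewhere other than the intended directory at this point in setup. A check before the `privileged_op` call would make the precondition explicit: `struct stat st; if (lstat (dest, &st) != 0 || !S_ISDIR (st.st_mode)) die ("%s is not a directory", op->dest);`. The `SETUP_MAKE_DIR` case in the context lines uses the same mkdir pattern, and `setup_newroot` continues outside this hunk.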
@@ -970,6 +982,17 @@ parse_args (int *argcp,
argv += 1;
argc -= 1;
}
+ else if (strcmp (arg, "--tmpfs") == 0)
+ {
+ if (argc < 2)
+ die ("--tmpfs takes an argument");
+
+ op = setup_op_new (SETUP_MOUNT_TMPFS);
+ op->dest = argv[1];
+
+ argv += 1;
+ argc -= 1;
+ }
else if (strcmp (arg, "--dir") == 0)
{
if (argc < 2)
diff --git a/bwrap.xml b/bwrap.xml
index 2dd1baa..1edf762 100644
--- a/bwrap.xml
+++ b/bwrap.xml
@@ -179,6 +179,10 @@
<listitem><para>Mount new devtmpfs on <arg choice="plain">DEST</arg></para></listitem>
</varlistentry>
<varlistentry>
+ <term><option>--tmpfs <arg choice="plain">DEST</arg></option></term>
+ <listitem><para>Mount new tmpfs on <arg choice="plain">DEST</arg></para></listitem>
+ </varlistentry>
+ <varlistentry>
<term><option>--dir <arg choice="plain">DEST</arg></option></term>
<listitem><para>Create a directory at <arg choice="plain">DEST</arg></para></listitem>
</varlistentry>