diff options
author | Jürg Billeter <j@bitron.ch> | 2020-02-17 18:07:48 +0100 |
---|---|---|
committer | Jürg Billeter <j@bitron.ch> | 2020-02-27 12:33:57 +0000 |
commit | 9cf7a8ad0bdc3bdc235fe52407fd82ba5ebc6063 (patch) | |
tree | aa94ef962d4f8e6553ae1b82af8947045fa66226 | |
parent | 9892ae36805a7deb411da81a18830d7c9d63cbc6 (diff) | |
download | buildstream-9cf7a8ad0bdc3bdc235fe52407fd82ba5ebc6063.tar.gz |
_sandboxreapi.py: Support read-only rootjuerg/reapi-readonly
-rw-r--r-- | src/buildstream/sandbox/_sandboxreapi.py | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/buildstream/sandbox/_sandboxreapi.py b/src/buildstream/sandbox/_sandboxreapi.py index 888ba735e..c8d2be70b 100644 --- a/src/buildstream/sandbox/_sandboxreapi.py +++ b/src/buildstream/sandbox/_sandboxreapi.py @@ -57,7 +57,9 @@ class SandboxREAPI(Sandbox): # Ensure directories required for sandboxed execution exist for directory in ["dev", "proc", "tmp"]: - vdir.descend(directory, create=True) + vsubdir = vdir.descend(directory, create=True) + if flags & SandboxFlags.ROOT_READ_ONLY: + vsubdir._set_subtree_read_only(False) # Create directories for all marked directories. This emulates # some of the behaviour of other sandboxes, which create these @@ -66,6 +68,7 @@ class SandboxREAPI(Sandbox): mount_sources = self._get_mount_sources() for mark in self._get_marked_directories(): directory = mark["directory"] + if directory in mount_sources: # Bind mount mount_point = directory @@ -83,10 +86,14 @@ class SandboxREAPI(Sandbox): parent_vdir._create_empty_file(mount_point_components[-1]) else: # Read-write directory - vdir.descend(*directory.split(os.path.sep), create=True) + marked_vdir = vdir.descend(*directory.split(os.path.sep), create=True) read_write_directories.append(directory) + if flags & SandboxFlags.ROOT_READ_ONLY: + marked_vdir._set_subtree_read_only(False) - if not flags & SandboxFlags.ROOT_READ_ONLY: + if flags & SandboxFlags.ROOT_READ_ONLY: + vdir._set_subtree_read_only(True) + else: # The whole sandbox is writable read_write_directories = [os.path.sep] |