author | Alexander Larsson <alexl@redhat.com> | 2018-02-15 10:10:18 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2018-02-19 11:17:09 +0100 |
commit | 0d9543c61c548ba631c69743487da615670f66f1 (patch) | |
tree | a297d2d6b6dc5eb2893401a0788f5426ff3a8981 | |
parent | 984865b95795b5468046bedb5ddf96b47c501de3 (diff) | |
download | flatpak-0d9543c61c548ba631c69743487da615670f66f1.tar.gz |
Fix flatpak build on atomic
On atomic, /home is a symlink to /var/home, which caused
problems in flatpak build when granting access to the homedir.
Due to a previous workaround (in 1aadc3ee40f915927c129d0090d95497a23b4f5f) we
make /var in the flatpak build sandbox be completely overridden
with $builddir/var so that the above symlink would not cause problems
in the persisted directory.
However, when we actually *want* to give access to that symlink this
causes problem.
In general, exposing /var in the sandbox has two uses:
* Allowing persisting tmpfiles in /var/tmp between individual
flatpak build commands (/tmp is per-build-command).
* Creating flatpaks from packages, such as rpms, where
we want to keep the rpm database (/var/lib/rpm) around during
the entire build so that dependencies can be resolved.
In order to handle these /var/home issues while still supporting the
above uses, we instead persist only /var/tmp and /var/lib.
Fixes https://github.com/flatpak/flatpak/issues/1407
Closes: #1421
Approved by: alexlarsson
-rw-r--r-- | app/flatpak-builtins-build.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/app/flatpak-builtins-build.c b/app/flatpak-builtins-build.c
index f40f27b8..639334ed 100644
--- a/app/flatpak-builtins-build.c
+++ b/app/flatpak-builtins-build.c
@@ -83,6 +83,8 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
 g_autoptr(GVariant) runtime_deploy_data = NULL;
 g_autoptr(FlatpakDeploy) extensionof_deploy = NULL;
 g_autoptr(GFile) var = NULL;
+ g_autoptr(GFile) var_tmp = NULL;
+ g_autoptr(GFile) var_lib = NULL;
 g_autoptr(GFile) usr = NULL;
 g_autoptr(GFile) res_deploy = NULL;
 g_autoptr(GFile) res_files = NULL;
@@ -229,7 +231,11 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
 }
 var = g_file_get_child (res_deploy, "var");
- if (!flatpak_mkdir_p (var, cancellable, error))
+ var_tmp = g_file_get_child (var, "tmp");
+ if (!flatpak_mkdir_p (var_tmp, cancellable, error))
+ return FALSE;
+ var_lib = g_file_get_child (var, "lib");
+ if (!flatpak_mkdir_p (var_lib, cancellable, error))
 return FALSE;
 res_files = g_file_get_child (res_deploy, "files");
@@ -377,6 +383,18 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
 "--setenv", "FLATPAK_ARCH", runtime_ref_parts[2],
 NULL);
+ /* Persist some stuff in /var. We can't persist everything because that breaks /var things
+ * from the host to work. For example the /home -> /var/home on atomic.
+ * The interesting things to contain during the build is /var/tmp (for tempfiles shared during builds)
+ * and things like /var/lib/rpm, if the installation uses packages.
+ */
+ flatpak_bwrap_add_args (bwrap,
+ "--bind", flatpak_file_get_path_cached (var_lib), "/var/lib",
+ NULL);
+ flatpak_bwrap_add_args (bwrap,
+ "--bind", flatpak_file_get_path_cached (var_tmp), "/var/tmp",
+ NULL);
+
 app_context = flatpak_app_compute_permissions (metakey, runtime_metakey, error);
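Review bot: The two new `--bind` arguments for `/var/lib` and `/var/tmp` are added before the later setup_base call, whereas the single bind they replace was deliberately emitted after it (the removed comment in the last hunk reads `/* After setup_base to avoid conflicts with /var symlinks */`); bubblewrap applies mount arguments in order, so if setup_base mounts anything over `/var`, `/var/lib` or `/var/tmp`, it will shadow these two binds — this is presumably intended since the whole-`/var` conflict no longer exists, but it is worth confirming against setup_base and recording the ordering assumption in the comment. The first sentence of the new comment is also ungrammatical ("breaks /var things from the host to work"); suggest `/* Persist only parts of /var. Binding all of /var would hide the host's /var layout (e.g. the /home -> /var/home symlink on atomic hosts). What must survive between build commands is /var/tmp (temp files shared between builds) and /var/lib (e.g. /var/lib/rpm when building from packages); these are mounted before setup_base, which must not mount over them. */`. The enclosing flatpak_builtin_build begins and ends outside this hunk.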
@@ -406,11 +424,6 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
 app_context, app_id_dir, NULL, cancellable, error))
 return FALSE;
- /* After setup_base to avoid conflicts with /var symlinks */
- flatpak_bwrap_add_args (bwrap,
- "--bind", flatpak_file_get_path_cached (var), "/var",
- NULL);
-
 for (i = 0; opt_bind_mounts != NULL && opt_bind_mounts[i] != NULL; i++)
 {
 char *split = strchr (opt_bind_mounts[i], '='); |