Allow bind-mounting regular files into the chroot
mount(2) with MS_BIND allows mounting a regular file on top of a regular file, so there's no reason to only bind directories. This allows finer control over just which files are and aren't included in the chroot without having to build symlink trees or the like. Signed-off-by: Shea Levy <shea@shealevy.com>
This commit is contained in:
Shea Levy
Eelco Dolstra
parent
c3f5413e80
commit
16591eb3cc
1 changed files with 9 additions and 1 deletions
|
|
@ -2117,11 +2117,19 @@ void DerivationGoal::initChild()
|
||||||
filesystem that we want in the chroot
|
filesystem that we want in the chroot
|
||||||
environment. */
|
environment. */
|
||||||
foreach (DirsInChroot::iterator, i, dirsInChroot) {
|
foreach (DirsInChroot::iterator, i, dirsInChroot) {
|
||||||
|
struct stat st;
|
||||||
Path source = i->second;
|
Path source = i->second;
|
||||||
Path target = chrootRootDir + i->first;
|
Path target = chrootRootDir + i->first;
|
||||||
if (source == "/proc") continue; // backwards compatibility
|
if (source == "/proc") continue; // backwards compatibility
|
||||||
debug(format("bind mounting `%1%' to `%2%'") % source % target);
|
debug(format("bind mounting `%1%' to `%2%'") % source % target);
|
||||||
createDirs(target);
|
if (stat(source.c_str(), &st) == -1)
|
||||||
|
throw SysError(format("getting attributes of path `%1%'") % source);
|
||||||
|
if (S_ISDIR(st.st_mode))
|
||||||
|
createDirs(target);
|
||||||
|
else {
|
||||||
|
createDirs(dirOf(target));
|
||||||
|
writeFile(target, "");
|
||||||
|
}
|
||||||
if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1)
|
if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1)
|
||||||
throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target);
|
throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue