Merge pull request #1 from shlevy/sandbox-profiles
Use AutoDelete for sandbox profile file
		
						commit
						36f7fcc157
					
				
					 3 changed files with 24 additions and 5 deletions
				
			
		| 
						 | 
				
			
			@ -778,9 +778,13 @@ private:
 | 
			
		|||
    DirsInChroot dirsInChroot;
 | 
			
		||||
    typedef map<string, string> Environment;
 | 
			
		||||
    Environment env;
 | 
			
		||||
#if SANDBOX_ENABLED
 | 
			
		||||
    typedef string SandboxProfile;
 | 
			
		||||
    SandboxProfile additionalSandboxProfile;
 | 
			
		||||
 | 
			
		||||
    AutoDelete autoDelSandbox;
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
    /* Hash rewriting. */
 | 
			
		||||
    HashRewrites rewritesToTmp, rewritesFromTmp;
 | 
			
		||||
    typedef map<Path, Path> RedirectedOutputs;
 | 
			
		||||
| 
						 | 
				
			
			@ -2445,9 +2449,10 @@ void DerivationGoal::runChild()
 | 
			
		|||
        const char *builder = "invalid";
 | 
			
		||||
 | 
			
		||||
        string sandboxProfile;
 | 
			
		||||
        if (isBuiltin(*drv))
 | 
			
		||||
        if (isBuiltin(*drv)) {
 | 
			
		||||
            ;
 | 
			
		||||
        else if (useChroot && SANDBOX_ENABLED) {
 | 
			
		||||
#if SANDBOX_ENABLED
 | 
			
		||||
        } else if (useChroot) {
 | 
			
		||||
            /* Lots and lots and lots of file functions freak out if they can't stat their full ancestry */
 | 
			
		||||
            PathSet ancestry;
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -2527,16 +2532,20 @@ void DerivationGoal::runChild()
 | 
			
		|||
            debug("Generated sandbox profile:");
 | 
			
		||||
            debug(sandboxProfile);
 | 
			
		||||
 | 
			
		||||
            Path tmpProfile = createTempDir() + "/profile.sb";
 | 
			
		||||
            writeFile(tmpProfile, sandboxProfile);
 | 
			
		||||
            Path sandboxFile = drvPath + ".sb";
 | 
			
		||||
            if (pathExists(sandboxFile)) deletePath(sandboxFile);
 | 
			
		||||
            autoDelSandbox.reset(sandboxFile, false);
 | 
			
		||||
 | 
			
		||||
            writeFile(sandboxFile, sandboxProfile);
 | 
			
		||||
 | 
			
		||||
            builder = "/usr/bin/sandbox-exec";
 | 
			
		||||
            args.push_back("sandbox-exec");
 | 
			
		||||
            args.push_back("-f");
 | 
			
		||||
            args.push_back(tmpProfile);
 | 
			
		||||
            args.push_back(sandboxFile);
 | 
			
		||||
            args.push_back("-D");
 | 
			
		||||
            args.push_back("_GLOBAL_TMP_DIR=" + globalTmpDir);
 | 
			
		||||
            args.push_back(drv->builder);
 | 
			
		||||
#endif
 | 
			
		||||
        } else {
 | 
			
		||||
            builder = drv->builder.c_str();
 | 
			
		||||
            string builderBasename = baseNameOf(drv->builder);
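Review bot: In the third hunk the profile is written to the predictable path `drvPath + ".sb"` after a `pathExists`/`deletePath` check, so the file that `sandbox-exec -f` reads is created by check-then-write at a known name instead of inside the fresh directory `createTempDir()` used to provide. This file defines the build's confinement, so anyone able to write next to `drvPath` between `writeFile` and the exec could substitute the policy; whether that is possible depends on the directory's permissions, which the hunk does not show. Keeping a private directory and registering it for cleanup avoids the race: `Path sandboxDir = createTempDir();`, `autoDelSandbox.reset(sandboxDir, true);`, `Path sandboxFile = sandboxDir + "/profile.sb";`. Separately, if runChild executes in the forked child that then execs the builder (the name suggests so, and the function body extends outside the hunk), the `AutoDelete` armed here never runs its destructor and the parent's copy stays unarmed, so the `reset` call probably belongs before the fork.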
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -599,6 +599,8 @@ string drainFD(int fd)
 | 
			
		|||
//////////////////////////////////////////////////////////////////////
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
AutoDelete::AutoDelete() : del{false} {}
 | 
			
		||||
 | 
			
		||||
AutoDelete::AutoDelete(const string & p, bool recursive) : path(p)
 | 
			
		||||
{
 | 
			
		||||
    del = true;
 | 
			
		||||
| 
						 | 
				
			
			@ -626,6 +628,12 @@ void AutoDelete::cancel()
 | 
			
		|||
    del = false;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
void AutoDelete::reset(const Path & p, bool recursive) {
 | 
			
		||||
    path = p;
 | 
			
		||||
    this->recursive = recursive;
 | 
			
		||||
    del = true;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
//////////////////////////////////////////////////////////////////////
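Review bot: `AutoDelete::reset` overwrites `path` and sets `del = true` without checking the previous state, so a path that was already armed is silently forgotten and never removed. Either delete the old path before re-arming or state the contract on the method, e.g. `/* Re-arm for p; any previously armed path is dropped without being deleted. */`. The new default constructor also leaves `recursive` uninitialised; `AutoDelete::AutoDelete() : del{false}, recursive{false} {}` would make the empty state fully defined. The destructor is outside the hunk, so whether it reads `recursive` while `del` is false cannot be confirmed from here.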
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -199,9 +199,11 @@ class AutoDelete
 | 
			
		|||
    bool del;
 | 
			
		||||
    bool recursive;
 | 
			
		||||
public:
 | 
			
		||||
    AutoDelete();
 | 
			
		||||
    AutoDelete(const Path & p, bool recursive = true);
 | 
			
		||||
    ~AutoDelete();
 | 
			
		||||
    void cancel();
 | 
			
		||||
    void reset(const Path & p, bool recursive = true);
 | 
			
		||||
    operator Path() const { return path; }
 | 
			
		||||
};
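Review bot: `reset` carries the `recursive = true` default, so a caller that omits the second argument arms a recursive delete of whatever path it passes; the only call in this commit passes `false` explicitly. The declaration should at least say so, e.g. `/* Arm deletion of p when this object is destroyed; recursive = true removes a whole directory tree. */`. The default constructor would benefit from a matching line stating that the object deletes nothing until `reset()` is called, and that `operator Path()` returns an empty path in that state. The class declaration begins outside the hunk.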
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||