Merge remote-tracking branch 'origin/master'

Conflicts:
	oz-mount/mount.go
master
dma 9 years ago
commit ee4349cb61

@ -272,13 +272,13 @@ func (sbox *Sandbox) UnmountFile(file, binpath string, log *logging.Logger) erro
func (sbox *Sandbox) whitelistArgumentFiles(binpath, pwd string, args []string, log *logging.Logger) { func (sbox *Sandbox) whitelistArgumentFiles(binpath, pwd string, args []string, log *logging.Logger) {
var files []string var files []string
for _, fpath := range args { for _, fpath := range args {
if filepath.IsAbs(fpath) == false {
fpath = path.Join(pwd, fpath)
}
if !strings.HasPrefix(fpath, "/home/") {
continue
}
if _, err := os.Stat(fpath); err == nil { if _, err := os.Stat(fpath); err == nil {
if filepath.IsAbs(fpath) == false {
fpath = path.Join(pwd, fpath)
}
if !strings.HasPrefix(fpath, "/home/") {
continue
}
log.Notice("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name) log.Notice("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
files = append(files, fpath) files = append(files, fpath)
} }
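Review bot: The `strings.HasPrefix(fpath, "/home/")` test in whitelistArgumentFiles runs on a path that is normalised only when the argument was relative. `path.Join(pwd, fpath)` cleans its result, but an absolute argument is compared as given, so a value such as `/home/../etc/x` (constructed example) passes the prefix test, and a symlink under /home is not resolved either. The rendering does not show which ordering is the new side (check before `os.Stat` or inside its branch), but both share this gap. Before the prefix test I would resolve the path with `filepath.EvalSymlinks` and skip the argument on error, or at minimum apply `fpath = filepath.Clean(fpath)`; `!filepath.IsAbs(fpath)` and `filepath.Join` would also read better than `== false` and `path.Join`. The function body continues past the end of the hunk.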

@ -531,7 +531,7 @@ func (st *initState) setupFilesystem(extra []oz.WhitelistItem) error {
fs := fs.NewFilesystem(st.config, st.log) fs := fs.NewFilesystem(st.config, st.log)
if err := setupRootfs(fs); err != nil { if err := setupRootfs(fs, st.config.UseFullDev); err != nil {
return err return err
} }

@ -72,7 +72,7 @@ func _makedev(x, y int) int {
return (((x) << 8) | (y)) return (((x) << 8) | (y))
} }
func setupRootfs(fsys *fs.Filesystem) error { func setupRootfs(fsys *fs.Filesystem, useFullDev bool) error {
if err := os.MkdirAll(fsys.Root(), 0755); err != nil { if err := os.MkdirAll(fsys.Root(), 0755); err != nil {
return fmt.Errorf("could not create rootfs path '%s': %v", fsys.Root(), err) return fmt.Errorf("could not create rootfs path '%s': %v", fsys.Root(), err)
} }
@ -107,9 +107,11 @@ func setupRootfs(fsys *fs.Filesystem) error {
return err return err
} }
for _, d := range basicDevices { if (!useFullDev) {
if err := fsys.CreateDevice(d.path, d.dev, d.mode); err != nil { for _, d := range basicDevices {
return err if err := fsys.CreateDevice(d.path, d.dev, d.mode); err != nil {
return err
}
} }
} }
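Review bot: When `useFullDev` is true the loop over `basicDevices` is skipped, and nothing in the visible lines says what populates /dev instead or why that is acceptable for a sandbox. Presumably the host's device nodes become visible, which is a much larger surface than the basic list, so this should be confirmed and stated. A comment above the branch would help, e.g. `// useFullDev: the minimal device nodes are not created here; /dev is populated elsewhere`. The condition is also not gofmt-clean: `if (!useFullDev) {` should be `if !useFullDev {`. setupRootfs starts in the previous hunk and continues outside this one.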

@ -11,6 +11,15 @@ __attribute__((constructor)) void init(void) {
*/ */
import "C" import "C"
/*
As per the setns documentation, it is impossible to enter a
mount namespace from a multithreaded process.
One MUST insure that opening the namespace happens when the process
has only one thread. This is impossible from golang, as such we call
this C function as a constructor to ensure that it is executed
before the go scheduler launches other threads.
*/
import ( import (
"fmt" "fmt"
"os" "os"
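Review bot: The new comment explaining the setns constraint sits after `import "C"`, detached from the `__attribute__((constructor))` function it justifies. Moving it directly above that function inside the cgo preamble would keep the reason next to the code, where a maintainer tempted to move the namespace entry into Go code will see it. "insure" should read "ensure". The import block continues outside the hunk.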
@ -35,7 +44,6 @@ func Main(mode int) {
log.Error("Could not load configuration: %s (%+v)", oz.DefaultConfigPath, err) log.Error("Could not load configuration: %s (%+v)", oz.DefaultConfigPath, err)
os.Exit(1) os.Exit(1)
} }
fsys := fs.NewFilesystem(config, log) fsys := fs.NewFilesystem(config, log)
homedir := os.Getenv("_OZ_HOMEDIR") homedir := os.Getenv("_OZ_HOMEDIR")
if homedir == "" { if homedir == "" {
