mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl
Log | Files | Refs | Submodules | README

commit d53fb00aba69a46fd511d9cfd5a225b52a6c3c76
parent 6df7edd5bfa950f44f30777f5b997330ddd1c81d
Author: ccx <ccx@te2000.cz>
Date:   Mon, 26 Feb 2024 17:21:46 +0000

Fix device access by setting umask(0) in sandbox

Diffstat:
Mcommand/pthbs-build | 14++++++++------
Mns_sandbox.py | 1+
2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/command/pthbs-build b/command/pthbs-build @@ -199,17 +199,19 @@ function at_filehash(hash_type, file_hash, dst, dstdir){ printf "%s\n", "chown -R \"$pthbs_uid:$pthbs_gid\" "q(ENVIRON["workdir"]) } if(length(ENVIRON["envdir"])){ - printf "exec >build.log 2>&1 env" - printf " %s", "pthbs_build_environment="q(ENVIRON["envdir"]) if(settings["set_path"]) { - printf " %s", "PATH="q(ENVIRON["envdir"]"/command") sandbox_cmd - print " "q(ENVIRON["envdir"]"/command/sh")" -xe "q(ENVIRON["script"]) + cmd=sandbox_cmd" "q(ENVIRON["envdir"]"/command/env") + cmd=cmd" pthbs_build_environment="q(ENVIRON["envdir"]) + cmd=cmd" PATH="q(ENVIRON["envdir"]"/command") + cmd=cmd" "q(ENVIRON["envdir"]"/command/sh")" -xe "q(ENVIRON["script"]) } else { - print " " sandbox_cmd " sh -xe "q(ENVIRON["script"]) + cmd="env "q(ENVIRON["envdir"]"/command/env") + cmd=" sh -xe "q(ENVIRON["script"]) } } else { - print "exec >build.log 2>&1 " sandbox_cmd " sh -xe "q(ENVIRON["script"]) + cmd=sandbox_cmd" sh -xe "q(ENVIRON["script"]) } + print "exec >build.log 2>&1 " cmd exit 0 } { diff --git a/ns_sandbox.py b/ns_sandbox.py @@ -526,6 +526,7 @@ def mknod_dev(dev): def root_sandbox_setup(settings): uid, gid = settings.drop_to + os.umask(0) to_umount = [mi.mountpoint for mi in umount_order(*parse_mountinfo())] r = settings.root if settings.untar: