mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl
Log | Files | Refs | Submodules | README
commit da07b47099784ce83bf174a53fa8d9abe9fad285
parent 5533d7efcbaf4293873296d6d4f836c6ddacbf4d
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Fri, 12 Dec 2025 02:28:44 +0000

Allow access to /dev/shm and /tmp inside sandbox

Diffstat:

Mfilelist.sha256 | 2+-


Mfiles/sandbox-rootns.in | 6++++++


Mtemplates/pkg/pthbs-sandbox-rootns | 4++++


Mvariants/ccx-x86_64/pthbs-sandbox-rootns | 6+++++-


Mvariants/ccx-x86_64/sandbox_rootns.environment | 4++--


Mvariants/root-x86_64/pthbs-sandbox-rootns | 6+++++-


Mvariants/root-x86_64/sandbox_rootns.environment | 4++--


7 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/filelist.sha256 b/filelist.sha256
@@ -101,7 +101,7 @@ ff3ddd131d73fee6838b11a6c4773bdb85c5f60fdd4b9ac4120ced021c341417  files/noobjtoo
 c7d3e7ef077d7673567d2f0c34ba2ebd689dab1250286ab482a3064c73ff7d7c  files/s6_clone_newpid.patch.old
 64488d8562a4e98a3b299f095bb2550cff6a3d743dc2b9c5aaeea03e5b83ec33  files/s6_ftrigr_max.patch
 df0c24312e4941b1035a6292504fbf569f0f8b81b083835d7df84586decef25c  files/sandbox-rootns-python.in
-0fb30f66e4b58fd8ffc2027b1aae646fa7583d3d72136a7d1e7c6c498b93cf1e  files/sandbox-rootns.in
+4b121e78772d8ea75c303dae3a9c6a631d97866cb4ceece376c5aad9191e31db  files/sandbox-rootns.in
 37d93db7135d47852dbe763f1b18b3aeab142431a6f5268a17fc700387a326e4  files/strace-6.5-static.patch
 07c3c30dab68c905d5608124e729592a30b2c087f24e7b76940f5321786128b1  files/update-links
 664430d033e0b491a5ed90cb39cb17cddb57ac0be9f3f2bf014264f3c17d55df  files/user-env
diff --git a/files/sandbox-rootns.in b/files/sandbox-rootns.in
@@ -14,6 +14,12 @@
 	${sandbox_workdir}/.tmp
 	${sandbox_workdir}/.shm
 }
+elquote:if {
+	chmod 1770 ${sandbox_workdir}/.tmp ${sandbox_workdir}/.shm
+}
+elquote:if {
+	chgrp $pthbs_gid ${sandbox_workdir}/.tmp ${sandbox_workdir}/.shm
+}
 elquote:lns-pidns
 elquote:unshare -m -u -i  # new mount, UTS and IPC namespaces
 elquote:umask 0
diff --git a/templates/pkg/pthbs-sandbox-rootns b/templates/pkg/pthbs-sandbox-rootns
@@ -15,6 +15,8 @@
 exe_name=sandbox-rootns
 
 # busybox
+prog_chgrp=$(which chgrp)
+prog_chmod=$(which chmod)
 prog_find=$(which find)
 prog_ls=$(which ls)
 prog_mkdir=$(which mkdir)
@@ -45,6 +47,8 @@ rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar"
 
 awk -f ./abspaths.awk ./${exe_name}.in >./${exe_name} \
 	root.tar="$rootfs" \
+	chgrp="$prog_chgrp" \
+	chmod="$prog_chmod" \
 	find="$prog_find" \
 	ls="$prog_ls" \
 	mkdir="$prog_mkdir" \
diff --git a/variants/ccx-x86_64/pthbs-sandbox-rootns b/variants/ccx-x86_64/pthbs-sandbox-rootns
@@ -6,7 +6,7 @@
 #+lnstools.0323770ad6d2f57c28f53b151df781f4e2a6f89187a33edd64a9ffdbec1dc3d4
 #+sandbox_rootfs.e13b8b7146e2073c551d0cb14205e0e8d1f2e51cb53ffd505e42c2914d6e3692
 #@sha256:b85634a91129f85a5aad5cae51d4084dd7ce62544b5585f0899058576c16451f:abspaths.awk
-#@sha256:0fb30f66e4b58fd8ffc2027b1aae646fa7583d3d72136a7d1e7c6c498b93cf1e:sandbox-rootns.in
+#@sha256:4b121e78772d8ea75c303dae3a9c6a631d97866cb4ceece376c5aad9191e31db:sandbox-rootns.in
 
 # - build script start -
 
@@ -18,6 +18,8 @@ cd '.'
 exe_name=sandbox-rootns
 
 # busybox
+prog_chgrp=$(which chgrp)
+prog_chmod=$(which chmod)
 prog_find=$(which find)
 prog_ls=$(which ls)
 prog_mkdir=$(which mkdir)
@@ -48,6 +50,8 @@ rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar"
 
 awk -f ./abspaths.awk ./${exe_name}.in >./${exe_name} \
 	root.tar="$rootfs" \
+	chgrp="$prog_chgrp" \
+	chmod="$prog_chmod" \
 	find="$prog_find" \
 	ls="$prog_ls" \
 	mkdir="$prog_mkdir" \
diff --git a/variants/ccx-x86_64/sandbox_rootns.environment b/variants/ccx-x86_64/sandbox_rootns.environment
@@ -3,4 +3,4 @@
 #+busybox.e054e881b7202c51c9573fb8595b1992f877abaf41be69fbecb4fcf6a990fb1f
 #+execline.f0d5fd261c97ee998dd0eca0d624184330449c1664f2c2747d34f72125be0d20
 #+sandbox_rootfs.e13b8b7146e2073c551d0cb14205e0e8d1f2e51cb53ffd505e42c2914d6e3692
-#+pthbs-sandbox-rootns.c0f9ea4f7f3452ffaa0dd83c0c8006b1040837ac466ba9388d0214fbdce4be14-
\ No newline at end of file
+#+pthbs-sandbox-rootns.3335cb705c7b6f9d3dbcbef012cbfe5f3ad2989f90e1acc913c547008163eff1+
\ No newline at end of file
diff --git a/variants/root-x86_64/pthbs-sandbox-rootns b/variants/root-x86_64/pthbs-sandbox-rootns
@@ -6,7 +6,7 @@
 #+lnstools.90d02dfdd75ab946401120e15a5c2009e0af209144396e6de36ea4f638b7f6a4
 #+sandbox_rootfs.62c49843190280789889f914dbd06de0ea99a0a9313866fcbb1beb07f3884664
 #@sha256:b85634a91129f85a5aad5cae51d4084dd7ce62544b5585f0899058576c16451f:abspaths.awk
-#@sha256:0fb30f66e4b58fd8ffc2027b1aae646fa7583d3d72136a7d1e7c6c498b93cf1e:sandbox-rootns.in
+#@sha256:4b121e78772d8ea75c303dae3a9c6a631d97866cb4ceece376c5aad9191e31db:sandbox-rootns.in
 
 # - build script start -
 
@@ -18,6 +18,8 @@ cd '.'
 exe_name=sandbox-rootns
 
 # busybox
+prog_chgrp=$(which chgrp)
+prog_chmod=$(which chmod)
 prog_find=$(which find)
 prog_ls=$(which ls)
 prog_mkdir=$(which mkdir)
@@ -48,6 +50,8 @@ rootfs="$pthbs_build_environment/pthbs/sandbox/root.tar"
 
 awk -f ./abspaths.awk ./${exe_name}.in >./${exe_name} \
 	root.tar="$rootfs" \
+	chgrp="$prog_chgrp" \
+	chmod="$prog_chmod" \
 	find="$prog_find" \
 	ls="$prog_ls" \
 	mkdir="$prog_mkdir" \
diff --git a/variants/root-x86_64/sandbox_rootns.environment b/variants/root-x86_64/sandbox_rootns.environment
@@ -3,4 +3,4 @@
 #+busybox.95a5f0b11c8542c83e37cdfbee23575e7e71563c72e1bb56f21d65491caf164f
 #+execline.47f2b5c1e3b324c416a0cd6c4033b64f003ab38d9afdc546db46025e944cb07f
 #+sandbox_rootfs.62c49843190280789889f914dbd06de0ea99a0a9313866fcbb1beb07f3884664
-#+pthbs-sandbox-rootns.91c86d922a4f8e9fec498c2637ccdfb03364a4180f50b0931f314f1cb3a75946-
\ No newline at end of file
+#+pthbs-sandbox-rootns.13f99b6c9e58ffd4d69c9449c89bbb4cc6c8efb6171058ea48444fea0d304566+
\ No newline at end of file