pthbs

Packaging Through Hashed Build Scripts
git clone https://ccx.te2000.cz/git/pthbs

commit 0703677ef8750f39eb8007de9f7031ebec11ee14
parent d3f9e2c7fb637a3a5fda06a09f4d00c409e87a0a
Author: Jan Pobříslo <ccx@te2000.cz>
Date:   Thu, 22 Feb 2024 08:13:07 +0100

Mount /dev conditionally

Diffstat:
Muserns_sandbox.py | 16++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/userns_sandbox.py b/userns_sandbox.py @@ -93,6 +93,8 @@ _umount.argtypes = (ctypes.c_char_p,) def c_path(path): + if path is None: + return path if isinstance(path, pathlib.PosixPath): path = path.as_posix() if isinstance(path, str): @@ -141,7 +143,7 @@ def bind_mount( return mount( source, target, - "", + None, ( MountFlag.BIND | (0 if write else MountFlag.RDONLY) @@ -252,7 +254,7 @@ class MountTMPFS: class MountBind: src: pathlib.PosixPath dst: pathlib.PosixPath - write: bool + write: bool = False def __post_init__(self): assert isinstance(self.src, pathlib.PosixPath) @@ -338,11 +340,17 @@ class Settings: def sandbox_run(settings, command): mount('proc', settings.root / 'proc', 'proc', MountFlag.NOSUID | MountFlag.NODEV) - mount('/dev', settings.root / 'dev', "", MountFlag.BIND | MountFlag.NOSUID) - mountpoints = list(command.extra_mount) + if not (settings.root / 'dev/null').is_char_device(): + mount('/dev', settings.root / 'dev', None, (MountFlag.BIND | MountFlag.NOSUID)) + + mountpoints = [ + MountTMPFS(relpath('/dev/shm')), + ] + mountpoints.extend(settings.extra_mount) mountpoints.append(MountBind(settings.versions, settings.versions.relative_to('/'))) for m in mountpoints: m.mount(settings.root) + os.chroot(str(settings.root)) os.chdir('/') exec_command(command)
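Review bot: The new `if path is None: return path` branch in `c_path` applies to every caller, not only the `filesystemtype` argument it appears to be meant for. A missing source, target or umount path would then reach libc as NULL (ctypes converts None to a null `c_char_p`) and surface as a syscall errno rather than a Python error at the call site. If only the filesystem type may be absent, keep `c_path` strict and convert that one argument where `mount` is called; otherwise document the passthrough with a comment such as `# None -> NULL char*; only valid for mount(2)'s filesystemtype/data`. The rest of `c_path` and its callers lie outside this hunk, so the set of affected arguments is inferred.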
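Review bot: The guard `(settings.root / 'dev/null').is_char_device()` follows symlinks and is satisfied by any character device, so a root whose `dev/null` is a symlink resolved on the host side before `os.chroot`, or a node other than the null device, makes `sandbox_run` skip the `/dev` bind and run the command with whatever `dev` tree the root already contains. Where the root's contents are not fully trusted, check the node itself, e.g. `st = os.lstat(settings.root / 'dev/null')` followed by `stat.S_ISCHR(st.st_mode) and st.st_rdev == os.makedev(1, 3)`, treating a missing path as absent. On the bind line, mount(2) ignores flags other than `MS_REC` on the initial `MS_BIND` call, so `MountFlag.NOSUID` only takes effect if the `mount` wrapper (not visible here) follows up with an `MS_REMOUNT | MS_BIND` call; the same applies to `RDONLY` in `bind_mount`. `MountTMPFS(relpath('/dev/shm'))` now runs on both paths and presumably needs `dev/shm` to exist in a pre-populated root, which deserves a comment.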