Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

keep toplevel dir modes and symlinks #138

Merged
merged 19 commits into from
Mar 8, 2024
Merged
Show file tree
Hide file tree
Changes from 10 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion test/reuse_problematic_sandbox.sh
Original file line number Diff line number Diff line change
Expand Up @@ -30,5 +30,5 @@ try_example_dir=$(mktemp -d)
# at the moment, this modification will be caught as illegal by `try`,
# but it doesn't seem to both overlayfs at all.
# TODO: Extend this with more problematic overlayfs modifications.
touch "$try_example_dir/temproot/bin/foo"
touch "$try_example_dir/temproot/etc/foo"
ezrizhu marked this conversation as resolved.
Show resolved Hide resolved
! "$TRY" -D "$try_example_dir" "rm file_1.txt; echo test2 >>file_2.txt; touch file.txt.gz" 2>/dev/null
48 changes: 48 additions & 0 deletions test/toplevel-perms.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#!/bin/sh

TRY_TOP="${TRY_TOP:-$(git rev-parse --show-toplevel --show-superproject-working-tree)}"
TRY="$TRY_TOP/try"

cleanup() {
cd /

if [ -d "$try_workspace" ]
then
rm -rf "$try_workspace" >/dev/null 2>&1
fi

if [ -f "$expected" ]
then
rm "$expected"
fi

if [ -f "$target" ]
then
rm "$target"
fi

if [ -f "$cmd" ]
then
rm "$cmd"
fi
}

trap 'cleanup' EXIT

try_workspace="$(mktemp -d)"
cd "$try_workspace" || return 9
touch test

cmd="$(mktemp)"
echo "find / -maxdepth 1 -print0 | xargs -0 ls -ld | awk '{print \$1, \$3, \$4, \$9, \$10, \$11}' | grep -v 'proc' | grep -v 'swap'" > "$cmd"

# Set up expected output
expected="$(mktemp)"
sh "$cmd" >"$expected"

# Set up target output
target="$(mktemp)"

"$TRY" "sh $cmd" > "$target" || return 1
#diff -q "$expected" "$target"
diff "$expected" "$target"
32 changes: 30 additions & 2 deletions try
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ try() {
## because we have already checked if it valid.
export SANDBOX_DIR
mkdir -p "$SANDBOX_DIR/upperdir" "$SANDBOX_DIR/workdir" "$SANDBOX_DIR/temproot"
chmod 755 "$SANDBOX_DIR/temproot"

## Find all the directories and mounts that need to be mounted
DIRS_AND_MOUNTS="$(mktemp)"
Expand Down Expand Up @@ -99,9 +100,10 @@ try() {
while IFS="" read -r mountpoint
do
## Only make the directory if the original is a directory too
if [ -d "$mountpoint" ]
if [ -d "$mountpoint" ] && [ ! -L "$mountpoint" ]
ezrizhu marked this conversation as resolved.
Show resolved Hide resolved
then
mkdir -p "${SANDBOX_DIR}/upperdir/${mountpoint}" "${SANDBOX_DIR}/workdir/${mountpoint}" "${SANDBOX_DIR}/temproot/${mountpoint}"
# shellcheck disable=SC2174 # warning acknowledged, "When used with -p, -m only applies to the deepest directory."
mkdir -m "$(stat -c %a "$mountpoint")" -p "${SANDBOX_DIR}/upperdir/${mountpoint}" "${SANDBOX_DIR}/workdir/${mountpoint}" "${SANDBOX_DIR}/temproot/${mountpoint}"
fi
done <"$DIRS_AND_MOUNTS"

Expand Down Expand Up @@ -177,6 +179,12 @@ do
continue
fi

## We will deal with symlinks later
if [ -L "$mountpoint" ]
then
continue
fi

## Don't do anything for the root and skip if it is /dev or /proc, we will mount it later
case "$pure_mountpoint" in
(/|/dev|/proc) continue;;
Expand Down Expand Up @@ -214,6 +222,17 @@ do
fi
done

## now we deal with symlinks
ezrizhu marked this conversation as resolved.
Show resolved Hide resolved
while IFS="" read -r mountpoint
do
## We're only interested in symlinks
if ! [ -L "$mountpoint" ]
then
continue
fi
ln -s $(readlink "$mountpoint") "$sandbox_dir/temproot/$mountpoint"
done <"$DIRS_AND_MOUNTS"

## Mount a few select devices in /dev
mount_devices "$SANDBOX_DIR"

Expand Down Expand Up @@ -263,6 +282,15 @@ EOF
unshare --mount --map-root-user --user --pid --fork $EXTRA_NS "$mount_and_execute"
TRY_EXIT_STATUS=$?

# remove symlink
ezrizhu marked this conversation as resolved.
Show resolved Hide resolved
while IFS="" read -r mountpoint
do
if [ -L "$mountpoint" ]
then
rm "${SANDBOX_DIR}/temproot/${mountpoint}"
fi
done <"$DIRS_AND_MOUNTS"

################################################################################
# commit?

Expand Down
Loading