diff options
| author | LaMont Jones <lamontjones@google.com> | 2023-02-16 01:20:25 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-02-16 01:20:25 +0000 |
| commit | cca9b211b0c6ad4e601bd6fcf2eb53317517fe2f (patch) | |
| tree | 416c67b011ecd3cab1b32d844805cce083c38b78 | |
| parent | a8044289ad80242e67c2be25ab2150dd34ef855c (diff) | |
| parent | 5b5dcd2047016d451bf10c707ff942c4a798fee1 (diff) | |
| download | orchestrator-cca9b211b0c6ad4e601bd6fcf2eb53317517fe2f.tar.gz | |
nsjail: Provide /dev/tty and /dev/std* am: 5d56a2f7c0 am: 5b5dcd2047
Original change: https://android-review.googlesource.com/c/platform/build/orchestrator/+/2438895
Change-Id: I0929b0ef424d0a3b19be2269fdc7ec695b9c2441
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | core/nsjail.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/core/nsjail.py b/core/nsjail.py index 4905bec..3a1b8d2 100644 --- a/core/nsjail.py +++ b/core/nsjail.py @@ -48,7 +48,6 @@ class Envar(): class MountPt(object): - def __init__(self, _kw_only=(), src="", @@ -168,7 +167,6 @@ class NsjailConfigOption(object): class Nsjail(object): - def __init__(self, cwd, verbose=False): self.cwd = cwd self.verbose = verbose @@ -203,14 +201,22 @@ class Nsjail(object): # tmpfs to limit access to the external environment. MountPt(dst="/dev/shm", fstype="tmpfs", rw=True, is_bind=False), + # Add the expected tty devices. + MountPt(src="/dev/tty", dst="/dev/tty", rw=True, is_bind=True), + # These are symlinks to /proc/self/fd/{0,1,2}. + MountPt(src="/proc/self/fd/0", dst="/dev/stdin", is_symlink=True), + MountPt(src="/proc/self/fd/1", dst="/dev/stdout", is_symlink=True), + MountPt(src="/proc/self/fd/2", dst="/dev/stderr", is_symlink=True), + # Map the working User ID to a username # Some tools like Java need a valid username # Inner trees building with Soong also expect the nobody UID to be # available to setup its own nsjail. - MountPt(src_content="user:x:999999:65533:user:/tmp:/bin/bash\n" - "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n", - dst="/etc/passwd", - mandatory=False), + MountPt( + src_content="user:x:999999:65533:user:/tmp:/bin/bash\n" + "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n", + dst="/etc/passwd", + mandatory=False), # Define default group MountPt(src_content="group::65533:user\n" |