From 5d56a2f7c0307d7ace9baf7c72ac34c639833b23 Mon Sep 17 00:00:00 2001
From: LaMont Jones
Date: Wed, 15 Feb 2023 20:44:47 +0000
Subject: nsjail: Provide /dev/tty and /dev/std*

Change-Id: I6fc2ee8a985e6bd0fad11ac44ec93adab7428aa8
---
 core/nsjail.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/core/nsjail.py b/core/nsjail.py
index 4905bec..3a1b8d2 100644
--- a/core/nsjail.py
+++ b/core/nsjail.py
@@ -48,7 +48,6 @@ class Envar():


 class MountPt(object):
-
 def __init__(self,
 _kw_only=(),
 src="",
@@ -168,7 +167,6 @@ class NsjailConfigOption(object):


 class Nsjail(object):
-
 def __init__(self, cwd, verbose=False):
 self.cwd = cwd
 self.verbose = verbose
@@ -203,14 +201,22 @@ class Nsjail(object):
 # tmpfs to limit access to the external environment.
 MountPt(dst="/dev/shm", fstype="tmpfs", rw=True, is_bind=False),

+ # Add the expected tty devices.
+ MountPt(src="/dev/tty", dst="/dev/tty", rw=True, is_bind=True),
+ # These are symlinks to /proc/self/fd/{0,1,2}.
+ MountPt(src="/proc/self/fd/0", dst="/dev/stdin", is_symlink=True),
+ MountPt(src="/proc/self/fd/1", dst="/dev/stdout", is_symlink=True),
+ MountPt(src="/proc/self/fd/2", dst="/dev/stderr", is_symlink=True),
+
 # Map the working User ID to a username
 # Some tools like Java need a valid username
 # Inner trees building with Soong also expect the nobody UID to be
 # available to setup its own nsjail.
- MountPt(src_content="user:x:999999:65533:user:/tmp:/bin/bash\n"
- "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n",
- dst="/etc/passwd",
- mandatory=False),
+ MountPt(
+ src_content="user:x:999999:65533:user:/tmp:/bin/bash\n"
+ "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n",
+ dst="/etc/passwd",
+ mandatory=False),

 # Define default group
 MountPt(src_content="group::65533:user\n"
--
cgit v1.2.3
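Review bot: The new `MountPt(src="/dev/tty", dst="/dev/tty", rw=True, is_bind=True)` entry in the third hunk bind-mounts the host's terminal device read-write into the jail's mount list, and the comment above it (`# Add the expected tty devices.`) does not record that trade-off. If the jail is started without a new session (not visible in this hunk), a process inside can open the caller's controlling terminal, write to it and issue tty ioctls such as TIOCSTI, which weakens the isolation the neighbouring tmpfs mounts are there to provide. I would state the assumption next to the entry, e.g. `# rw bind of the caller's tty: jailed code can write to it and issue tty ioctls; acceptable only while the jail runs trusted build steps.`, and consider gating the entry on an option so non-interactive or untrusted runs can omit it. Unlike the `/etc/passwd` entry it also does not pass `mandatory=False`, so, depending on MountPt's default, a host without `/dev/tty` may fail to start the jail. The mount list begins and ends outside the hunk.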