Add --bind-try options
These ignore source files not existing which allows bwrap using applications to avoid repeatedly checking if files exist. Closes: #283 Approved by: alexlarsson
This commit is contained in:

committed by
Atomic Bot

parent
62e42c971f
commit
d3515d80d4
34
bubblewrap.c
34
bubblewrap.c
@@ -99,6 +99,7 @@ typedef enum {
|
|||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
NO_CREATE_DEST = (1 << 0),
|
NO_CREATE_DEST = (1 << 0),
|
||||||
|
ALLOW_NOTEXIST = (2 << 0),
|
||||||
} SetupOpFlag;
|
} SetupOpFlag;
|
||||||
|
|
||||||
typedef struct _SetupOp SetupOp;
|
typedef struct _SetupOp SetupOp;
|
||||||
@@ -207,8 +208,11 @@ usage (int ecode, FILE *out)
|
|||||||
" --lock-file DEST Take a lock on DEST while sandbox is running\n"
|
" --lock-file DEST Take a lock on DEST while sandbox is running\n"
|
||||||
" --sync-fd FD Keep this fd open while sandbox is running\n"
|
" --sync-fd FD Keep this fd open while sandbox is running\n"
|
||||||
" --bind SRC DEST Bind mount the host path SRC on DEST\n"
|
" --bind SRC DEST Bind mount the host path SRC on DEST\n"
|
||||||
|
" --bind-try SRC DEST Equal to --bind but ignores non-existant SRC\n"
|
||||||
" --dev-bind SRC DEST Bind mount the host path SRC on DEST, allowing device access\n"
|
" --dev-bind SRC DEST Bind mount the host path SRC on DEST, allowing device access\n"
|
||||||
|
" --dev-bind-try SRC DEST Equal to --dev-bind but ignores non-existant SRC\n"
|
||||||
" --ro-bind SRC DEST Bind mount the host path SRC readonly on DEST\n"
|
" --ro-bind SRC DEST Bind mount the host path SRC readonly on DEST\n"
|
||||||
|
" --ro-bind-try SRC DEST Equal to --ro-bind but ignores non-existant SRC\n"
|
||||||
" --remount-ro DEST Remount DEST as readonly; does not recursively remount\n"
|
" --remount-ro DEST Remount DEST as readonly; does not recursively remount\n"
|
||||||
" --exec-label LABEL Exec label for the sandbox\n"
|
" --exec-label LABEL Exec label for the sandbox\n"
|
||||||
" --file-label LABEL File label for temporary sandbox content\n"
|
" --file-label LABEL File label for temporary sandbox content\n"
|
||||||
@@ -966,8 +970,12 @@ setup_newroot (bool unshare_pid,
|
|||||||
source = get_oldroot_path (op->source);
|
source = get_oldroot_path (op->source);
|
||||||
source_mode = get_file_mode (source);
|
source_mode = get_file_mode (source);
|
||||||
if (source_mode < 0)
|
if (source_mode < 0)
|
||||||
|
{
|
||||||
|
if (op->flags & ALLOW_NOTEXIST && errno == ENOENT)
|
||||||
|
continue; /* Ignore and move on */
|
||||||
die_with_error("Can't get type of source %s", op->source);
|
die_with_error("Can't get type of source %s", op->source);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (op->dest &&
|
if (op->dest &&
|
||||||
(op->flags & NO_CREATE_DEST) == 0)
|
(op->flags & NO_CREATE_DEST) == 0)
|
||||||
@@ -1252,7 +1260,12 @@ resolve_symlinks_in_ops (void)
|
|||||||
old_source = op->source;
|
old_source = op->source;
|
||||||
op->source = realpath (old_source, NULL);
|
op->source = realpath (old_source, NULL);
|
||||||
if (op->source == NULL)
|
if (op->source == NULL)
|
||||||
|
{
|
||||||
|
if (op->flags & ALLOW_NOTEXIST && errno == ENOENT)
|
||||||
|
op->source = old_source;
|
||||||
|
else
|
||||||
die_with_error("Can't find source path %s", old_source);
|
die_with_error("Can't find source path %s", old_source);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
@@ -1485,38 +1498,47 @@ parse_args_recurse (int *argcp,
|
|||||||
argv++;
|
argv++;
|
||||||
argc--;
|
argc--;
|
||||||
}
|
}
|
||||||
else if (strcmp (arg, "--bind") == 0)
|
else if (strcmp(arg, "--bind") == 0 ||
|
||||||
|
strcmp(arg, "--bind-try") == 0)
|
||||||
{
|
{
|
||||||
if (argc < 3)
|
if (argc < 3)
|
||||||
die ("--bind takes two arguments");
|
die ("%s takes two arguments", arg);
|
||||||
|
|
||||||
op = setup_op_new (SETUP_BIND_MOUNT);
|
op = setup_op_new (SETUP_BIND_MOUNT);
|
||||||
op->source = argv[1];
|
op->source = argv[1];
|
||||||
op->dest = argv[2];
|
op->dest = argv[2];
|
||||||
|
if (strcmp(arg, "--bind-try") == 0)
|
||||||
|
op->flags = ALLOW_NOTEXIST;
|
||||||
|
|
||||||
argv += 2;
|
argv += 2;
|
||||||
argc -= 2;
|
argc -= 2;
|
||||||
}
|
}
|
||||||
else if (strcmp (arg, "--ro-bind") == 0)
|
else if (strcmp(arg, "--ro-bind") == 0 ||
|
||||||
|
strcmp(arg, "--ro-bind-try") == 0)
|
||||||
{
|
{
|
||||||
if (argc < 3)
|
if (argc < 3)
|
||||||
die ("--ro-bind takes two arguments");
|
die ("%s takes two arguments", arg);
|
||||||
|
|
||||||
op = setup_op_new (SETUP_RO_BIND_MOUNT);
|
op = setup_op_new (SETUP_RO_BIND_MOUNT);
|
||||||
op->source = argv[1];
|
op->source = argv[1];
|
||||||
op->dest = argv[2];
|
op->dest = argv[2];
|
||||||
|
if (strcmp(arg, "--ro-bind-try") == 0)
|
||||||
|
op->flags = ALLOW_NOTEXIST;
|
||||||
|
|
||||||
argv += 2;
|
argv += 2;
|
||||||
argc -= 2;
|
argc -= 2;
|
||||||
}
|
}
|
||||||
else if (strcmp (arg, "--dev-bind") == 0)
|
else if (strcmp (arg, "--dev-bind") == 0 ||
|
||||||
|
strcmp (arg, "--dev-bind-try") == 0)
|
||||||
{
|
{
|
||||||
if (argc < 3)
|
if (argc < 3)
|
||||||
die ("--dev-bind takes two arguments");
|
die ("%s takes two arguments", arg);
|
||||||
|
|
||||||
op = setup_op_new (SETUP_DEV_BIND_MOUNT);
|
op = setup_op_new (SETUP_DEV_BIND_MOUNT);
|
||||||
op->source = argv[1];
|
op->source = argv[1];
|
||||||
op->dest = argv[2];
|
op->dest = argv[2];
|
||||||
|
if (strcmp(arg, "--dev-bind-try") == 0)
|
||||||
|
op->flags = ALLOW_NOTEXIST;
|
||||||
|
|
||||||
argv += 2;
|
argv += 2;
|
||||||
argc -= 2;
|
argc -= 2;
|
||||||
|
12
bwrap.xml
12
bwrap.xml
@@ -183,14 +183,26 @@
|
|||||||
<term><option>--bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
<term><option>--bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> on <arg choice="plain">DEST</arg></para></listitem>
|
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> on <arg choice="plain">DEST</arg></para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--bind-try <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
|
<listitem><para>Equal to <option>--bind</option> but ignores non-existant <arg choice="plain">SRC</arg></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--dev-bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
<term><option>--dev-bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> on <arg choice="plain">DEST</arg>, allowing device access</para></listitem>
|
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> on <arg choice="plain">DEST</arg>, allowing device access</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--dev-bind-try <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
|
<listitem><para>Equal to <option>--dev-bind</option> but ignores non-existant <arg choice="plain">SRC</arg></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--ro-bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
<term><option>--ro-bind <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> readonly on <arg choice="plain">DEST</arg></para></listitem>
|
<listitem><para>Bind mount the host path <arg choice="plain">SRC</arg> readonly on <arg choice="plain">DEST</arg></para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--ro-bind-try <arg choice="plain">SRC</arg> <arg choice="plain">DEST</arg></option></term>
|
||||||
|
<listitem><para>Equal to <option>--ro-bind</option> but ignores non-existant <arg choice="plain">SRC</arg></para></listitem>
|
||||||
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--remount-ro <arg choice="plain">DEST</arg></option></term>
|
<term><option>--remount-ro <arg choice="plain">DEST</arg></option></term>
|
||||||
<listitem><para>Remount the path <arg choice="plain">DEST</arg> as readonly. It works only on the specified mount point, without changing any other mount point under the specified path</para></listitem>
|
<listitem><para>Remount the path <arg choice="plain">DEST</arg> as readonly. It works only on the specified mount point, without changing any other mount point under the specified path</para></listitem>
|
||||||
|
Reference in New Issue
Block a user