Allow bind-mounting regular files into the chroot

mount(2) with MS_BIND allows mounting a regular file on top of a regular
file, so there's no reason to only bind directories. This allows finer
control over just which files are and aren't included in the chroot
without having to build symlink trees or the like.

Signed-off-by: Shea Levy <shea@shealevy.com>
Shea Levy 2013-07-12 09:35:33 -04:00 committed by Eelco Dolstra
parent c3f5413e80
commit 16591eb3cc


@ -2117,11 +2117,19 @@ void DerivationGoal::initChild()
filesystem that we want in the chroot filesystem that we want in the chroot
environment. */ environment. */
foreach (DirsInChroot::iterator, i, dirsInChroot) { foreach (DirsInChroot::iterator, i, dirsInChroot) {
struct stat st;
Path source = i->second; Path source = i->second;
Path target = chrootRootDir + i->first; Path target = chrootRootDir + i->first;
if (source == "/proc") continue; // backwards compatibility if (source == "/proc") continue; // backwards compatibility
debug(format("bind mounting `%1%' to `%2%'") % source % target); debug(format("bind mounting `%1%' to `%2%'") % source % target);
if (stat(source.c_str(), &st) == -1)
throw SysError(format("getting attributes of path `%1%'") % source);
if (S_ISDIR(st.st_mode))
createDirs(target); createDirs(target);
else {
createDirs(dirOf(target));
writeFile(target, "");
}
if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1) if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1)
throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target); throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target);
} }
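Review bot: In the new `else` branch, `writeFile(target, "")` runs without checking whether `target` already exists, so the mount-point placeholder may be written through an earlier bind mount. If `dirsInChroot` holds both a directory and a file beneath it (say `/etc` and `/etc/hosts`) and the directory is mounted first, `target` resolves to the real host file. Assuming `writeFile` truncates on open, which its use here to create an empty file suggests, the host file would be emptied before the mount. Creating the placeholder only when it is absent avoids this: `if (!pathExists(target)) writeFile(target, "");`. Separately, the branch is taken for anything that is not a directory, so sockets, FIFOs and device nodes are bind-mounted too, although the commit title speaks of regular files; an explicit `S_ISREG(st.st_mode)` test with a `throw` for other types would make that boundary deliberate. `initChild` starts and ends outside this hunk, so the iteration order of `dirsInChroot` should be confirmed against its declaration.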