From: "Brian Dolbec"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Brian Dolbec"
Message-ID: <1388620549.9e6fc449744411579593f4f1104e0cd2f16cc7e2.dol-sen@gentoo>
Subject: [gentoo-commits] proj/catalyst:pending commit in: catalyst/targets/
X-VCS-Repository: proj/catalyst
X-VCS-Files: catalyst/targets/generic_stage_target.py
X-VCS-Directories: catalyst/targets/
X-VCS-Committer: dol-sen
X-VCS-Committer-Name: Brian Dolbec
X-VCS-Revision: 9e6fc449744411579593f4f1104e0cd2f16cc7e2
X-VCS-Branch: pending
Date: Thu, 2 Jan 2014 00:04:21 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org

commit:     9e6fc449744411579593f4f1104e0cd2f16cc7e2
Author:     Douglas Freed mtu edu>
AuthorDate: Wed Jan 1 21:18:22 2014 +0000
Commit:     Brian Dolbec gmail com>
CommitDate: Wed Jan 1 23:55:49 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=commit;h=9e6fc449

Mount /dev/shm in the chroot with the right options

Bind mounting /dev/shm into the chroot isn't a good idea, as there may
be collisions and result in weird side effects. Instead, we can just
mount a new tmpfs there, with the right options to ensure security.

(Forward ported to pending branch from 2.X Brian Dolbec)

Conflicts:
	catalyst/targets/generic_stage_target.py

---
 catalyst/targets/generic_stage_target.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/catalyst/targets/generic_stage_target.py b/catalyst/targets/generic_stage_target.py
index 2ca3913..3d93405 100644
--- a/catalyst/targets/generic_stage_target.py
+++ b/catalyst/targets/generic_stage_target.py
@@ -30,7 +30,7 @@ SOURCE_MOUNTS_DEFAULTS = { "portdir": "/usr/portage", "port_tmpdir": "tmpfs", "proc": "/proc", - "shm": "/dev/shm", + "shm": "shmfs", } # for convienience @@ -949,7 +949,7 @@ class generic_stage_target(generic_target): os.makedirs(target, 0755) if not os.path.exists(self.mountmap[x]): - if not self.mountmap[x] == "tmpfs": + if self.mountmap[x] not in ["tmpfs", "shmfs"]: os.makedirs(self.mountmap[x], 0755) src=self.mountmap[x] @@ -970,6 +970,9 @@ class generic_stage_target(generic_target): self.settings["var_tmpfs_portage"] + "G " + \ src + " " + target retval=os.system(cmd) + elif src == "shmfs": + cmd = "mount -t tmpfs -o noexec,nosuid,nodev shm " + target + retval=os.system(cmd) else: cmd = "mount --bind " + src + " " + target #print "bind(); cmd =", cmd
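
Review bot: In the @@ -30,7 hunk, "shm": "shmfs" puts a second keyword value next to "tmpfs" in SOURCE_MOUNTS_DEFAULTS, where the other entries are host paths, and nothing in the dict says so. A short comment above the dict stating that "tmpfs" and "shmfs" are keywords that select a fresh tmpfs mount, not bind sources, would keep a later reader from treating "shmfs" as a path.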
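
Review bot: The literal list ["tmpfs", "shmfs"] in the @@ -949,7 hunk repeats knowledge that the src == "shmfs" branch in the next hunk also encodes, so a keyword added later has to be remembered in both places. If it is missed here, os.makedirs(self.mountmap[x], 0755) creates a directory named after the keyword relative to the current working directory. Consider a module-level tuple of the keyword values and test membership against that.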
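
Review bot: The new elif src == "shmfs" branch in the @@ -970,6 hunk builds the mount command by string concatenation and runs it through os.system, so target reaches the shell unquoted and a path containing spaces or shell metacharacters changes the command. Passing an argument list, for example subprocess.call(["mount", "-t", "tmpfs", "-o", "noexec,nosuid,nodev", "shm", target]), avoids the shell entirely. The branch also passes no size= option, unlike the tmpfs branch just above it, which appends var_tmpfs_portage followed by "G", so this mount gets the kernel default of half of RAM; either set a limit or add a comment that the default is intended.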