You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@buildstream.apache.org by gi...@apache.org on 2020/12/29 13:09:36 UTC

[buildstream] branch valentindavid/chroot_fixes created (now 7263d70)

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git.


      at 7263d70  Fix a double unmount in chroot sandbox

This branch includes the following new commits:

     new c45375f  src/buildstream/testing/_utils/site.py: Disable bwrap when not using sanbox
     new a64f976  Catch unhandled exception when shell is not executable on chroot sandbox
     new 7263d70  Fix a double unmount in chroot sandbox

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[buildstream] 01/03: src/buildstream/testing/_utils/site.py: Disable bwrap when not using sanbox

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git

commit c45375fcddbf48ce9487debe4afb8059b0134f3e
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:30:27 2019 +0200

    src/buildstream/testing/_utils/site.py: Disable bwrap when not using sanbox
    
    In order to test locally the code for chroot, one needs to define
    `BST_FORCE_BACKEND`. But many tests use HAVE_BWRAP only to test
    whether a test is made for bwrap, even if BuildStream will ignore
    bwrap. To simplify, we disable bwrap when not using Linux backend so
    one does not have to uninstall bwrap.
---
 src/buildstream/testing/_utils/site.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/buildstream/testing/_utils/site.py b/src/buildstream/testing/_utils/site.py
index 64e0603..f829151 100644
--- a/src/buildstream/testing/_utils/site.py
+++ b/src/buildstream/testing/_utils/site.py
@@ -69,6 +69,10 @@ IS_WINDOWS = (os.name == 'nt')
 
 if not IS_LINUX:
     HAVE_SANDBOX = True   # fallback to a chroot sandbox on unix
+    # Force disabling bwrap tests in case BST_FORCE_BACKEND was used
+    # but bwrap was available.
+    HAVE_BWRAP = False
+    HAVE_BWRAP_JSON_STATUS = False
 elif IS_WSL:
     HAVE_SANDBOX = False  # Sandboxes are inoperable under WSL due to lack of FUSE
 elif IS_LINUX and HAVE_BWRAP:

[buildstream] 02/03: Catch unhandled exception when shell is not executable on chroot sandbox

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git

commit a64f976d4e465ff211e70ab116244e4eebd3ac0d
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:35:11 2019 +0200

    Catch unhandled exception when shell is not executable on chroot sandbox
---
 src/buildstream/sandbox/_sandboxchroot.py          |  2 ++
 .../sandbox-bwrap/non-executable-shell-success.bst |  9 +++++++++
 tests/integration/sandbox-chroot.py                | 23 ++++++++++++++++++++++
 3 files changed, 34 insertions(+)

diff --git a/src/buildstream/sandbox/_sandboxchroot.py b/src/buildstream/sandbox/_sandboxchroot.py
index 7266a00..95e247e 100644
--- a/src/buildstream/sandbox/_sandboxchroot.py
+++ b/src/buildstream/sandbox/_sandboxchroot.py
@@ -194,6 +194,8 @@ class SandboxChroot(Sandbox):
                                    .format(rootfs, cwd)) from e
             else:
                 raise SandboxError('Could not run command {}: {}'.format(command, e)) from e
+        except PermissionError as e:
+            raise SandboxError('Permission error to run command {}: {}'.format(command, e)) from e
 
         return code
 
diff --git a/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst b/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst
new file mode 100644
index 0000000..e22e989
--- /dev/null
+++ b/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst
@@ -0,0 +1,9 @@
+kind: manual
+
+depends:
+  - sandbox-bwrap/break-shell.bst
+
+config:
+  build-commands:
+  - |
+    exit 0
diff --git a/tests/integration/sandbox-chroot.py b/tests/integration/sandbox-chroot.py
new file mode 100644
index 0000000..7596cbe
--- /dev/null
+++ b/tests/integration/sandbox-chroot.py
@@ -0,0 +1,23 @@
+import os
+import pytest
+
+from buildstream.testing._utils.site import HAVE_SANBOX
+
+
+pytestmark = pytest.mark.integration
+
+
+DATA_DIR = os.path.join(
+    os.path.dirname(os.path.realpath(__file__)),
+    "project"
+)
+
+
+@pytest.mark.skipif(HAVE_SANBOX, reason='Chroot equivalent test')
+@pytest.mark.datafiles(DATA_DIR)
+def test_sandbox_chroot_permission_denied(cli, datafiles):
+    project = str(datafiles)
+    element_name = 'sandbox-bwrap/non-executable-shell-success.bst'
+
+    result = cli.run(project=project, args=['build', element_name])
+    result.assert_task_error(error_domain=ErrorDomain.SANDBOX)

[buildstream] 03/03: Fix a double unmount in chroot sandbox

Posted by gi...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git

commit 7263d705ab66d4ceb8565d4e1213bbce5892529f
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:36:39 2019 +0200

    Fix a double unmount in chroot sandbox
    
    It appears the hack that was used to not double-unmount did not work.
    The error was just ignored but an error message would be printed.
---
 src/buildstream/sandbox/_mounter.py       | 7 ++++---
 src/buildstream/sandbox/_sandboxchroot.py | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/buildstream/sandbox/_mounter.py b/src/buildstream/sandbox/_mounter.py
index e6054c2..8033253 100644
--- a/src/buildstream/sandbox/_mounter.py
+++ b/src/buildstream/sandbox/_mounter.py
@@ -90,7 +90,7 @@ class Mounter():
     @classmethod
     @contextmanager
     def mount(cls, dest, src=None, stdout=sys.stdout,
-              stderr=sys.stderr, mount_type=None, **kwargs):
+              stderr=sys.stderr, mount_type=None, unmount=True, **kwargs):
 
         def kill_proc():
             cls._umount(dest, stdout, stderr)
@@ -100,9 +100,10 @@ class Mounter():
         path = cls._mount(dest, src, mount_type, stdout=stdout, stderr=stderr, options=options)
         try:
             with _signals.terminator(kill_proc):
-                yield path
+                 yield path
         finally:
-            cls._umount(dest, stdout, stderr)
+            if unmount:
+                cls._umount(dest, stdout, stderr)
 
     # bind_mount()
     #
diff --git a/src/buildstream/sandbox/_sandboxchroot.py b/src/buildstream/sandbox/_sandboxchroot.py
index 95e247e..49f4931 100644
--- a/src/buildstream/sandbox/_sandboxchroot.py
+++ b/src/buildstream/sandbox/_sandboxchroot.py
@@ -288,11 +288,11 @@ class SandboxChroot(Sandbox):
 
             # Remount root RO if necessary
             if flags & flags & SandboxFlags.ROOT_READ_ONLY:
-                root_mount = Mounter.mount(rootfs, stdout=stdout, stderr=stderr, remount=True, ro=True, bind=True)
                 # Since the exit stack has already registered a mount
                 # for this path, we do not need to register another
                 # umount call.
-                root_mount.__enter__()
+                stack.enter_context(Mounter.mount(rootfs, stdout=stdout, stderr=stderr, unmount=False,
+                                                  remount=True, ro=True, bind=True))
 
             yield