You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@buildstream.apache.org by gi...@apache.org on 2020/12/29 13:09:36 UTC
[buildstream] branch valentindavid/chroot_fixes created (now
7263d70)
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git.
at 7263d70 Fix a double unmount in chroot sandbox
This branch includes the following new commits:
new c45375f src/buildstream/testing/_utils/site.py: Disable bwrap when not using sanbox
new a64f976 Catch unhandled exception when shell is not executable on chroot sandbox
new 7263d70 Fix a double unmount in chroot sandbox
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[buildstream] 01/03: src/buildstream/testing/_utils/site.py:
Disable bwrap when not using sanbox
Posted by gi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git
commit c45375fcddbf48ce9487debe4afb8059b0134f3e
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:30:27 2019 +0200
src/buildstream/testing/_utils/site.py: Disable bwrap when not using sanbox
In order to test locally the code for chroot, one needs to define
`BST_FORCE_BACKEND`. But many tests use HAVE_BWRAP only to test
whether a test is made for bwrap, even if BuildStream will ignore
bwrap. To simplify, we disable bwrap when not using Linux backend so
one does not have to uninstall bwrap.
---
src/buildstream/testing/_utils/site.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/buildstream/testing/_utils/site.py b/src/buildstream/testing/_utils/site.py
index 64e0603..f829151 100644
--- a/src/buildstream/testing/_utils/site.py
+++ b/src/buildstream/testing/_utils/site.py
@@ -69,6 +69,10 @@ IS_WINDOWS = (os.name == 'nt')
if not IS_LINUX:
HAVE_SANDBOX = True # fallback to a chroot sandbox on unix
+ # Force disabling bwrap tests in case BST_FORCE_BACKEND was used
+ # but bwrap was available.
+ HAVE_BWRAP = False
+ HAVE_BWRAP_JSON_STATUS = False
elif IS_WSL:
HAVE_SANDBOX = False # Sandboxes are inoperable under WSL due to lack of FUSE
elif IS_LINUX and HAVE_BWRAP:
[buildstream] 02/03: Catch unhandled exception when shell is not
executable on chroot sandbox
Posted by gi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git
commit a64f976d4e465ff211e70ab116244e4eebd3ac0d
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:35:11 2019 +0200
Catch unhandled exception when shell is not executable on chroot sandbox
---
src/buildstream/sandbox/_sandboxchroot.py | 2 ++
.../sandbox-bwrap/non-executable-shell-success.bst | 9 +++++++++
tests/integration/sandbox-chroot.py | 23 ++++++++++++++++++++++
3 files changed, 34 insertions(+)
diff --git a/src/buildstream/sandbox/_sandboxchroot.py b/src/buildstream/sandbox/_sandboxchroot.py
index 7266a00..95e247e 100644
--- a/src/buildstream/sandbox/_sandboxchroot.py
+++ b/src/buildstream/sandbox/_sandboxchroot.py
@@ -194,6 +194,8 @@ class SandboxChroot(Sandbox):
.format(rootfs, cwd)) from e
else:
raise SandboxError('Could not run command {}: {}'.format(command, e)) from e
+ except PermissionError as e:
+ raise SandboxError('Permission error to run command {}: {}'.format(command, e)) from e
return code
diff --git a/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst b/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst
new file mode 100644
index 0000000..e22e989
--- /dev/null
+++ b/tests/integration/project/elements/sandbox-bwrap/non-executable-shell-success.bst
@@ -0,0 +1,9 @@
+kind: manual
+
+depends:
+ - sandbox-bwrap/break-shell.bst
+
+config:
+ build-commands:
+ - |
+ exit 0
diff --git a/tests/integration/sandbox-chroot.py b/tests/integration/sandbox-chroot.py
new file mode 100644
index 0000000..7596cbe
--- /dev/null
+++ b/tests/integration/sandbox-chroot.py
@@ -0,0 +1,23 @@
+import os
+import pytest
+
+from buildstream.testing._utils.site import HAVE_SANBOX
+
+
+pytestmark = pytest.mark.integration
+
+
+DATA_DIR = os.path.join(
+ os.path.dirname(os.path.realpath(__file__)),
+ "project"
+)
+
+
+@pytest.mark.skipif(HAVE_SANBOX, reason='Chroot equivalent test')
+@pytest.mark.datafiles(DATA_DIR)
+def test_sandbox_chroot_permission_denied(cli, datafiles):
+ project = str(datafiles)
+ element_name = 'sandbox-bwrap/non-executable-shell-success.bst'
+
+ result = cli.run(project=project, args=['build', element_name])
+ result.assert_task_error(error_domain=ErrorDomain.SANDBOX)
[buildstream] 03/03: Fix a double unmount in chroot sandbox
Posted by gi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch valentindavid/chroot_fixes
in repository https://gitbox.apache.org/repos/asf/buildstream.git
commit 7263d705ab66d4ceb8565d4e1213bbce5892529f
Author: Valentin David <va...@codethink.co.uk>
AuthorDate: Thu Jul 11 20:36:39 2019 +0200
Fix a double unmount in chroot sandbox
It appears the hack that was used to not double-unmount did not work.
The error was just ignored but an error message would be printed.
---
src/buildstream/sandbox/_mounter.py | 7 ++++---
src/buildstream/sandbox/_sandboxchroot.py | 4 ++--
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/buildstream/sandbox/_mounter.py b/src/buildstream/sandbox/_mounter.py
index e6054c2..8033253 100644
--- a/src/buildstream/sandbox/_mounter.py
+++ b/src/buildstream/sandbox/_mounter.py
@@ -90,7 +90,7 @@ class Mounter():
@classmethod
@contextmanager
def mount(cls, dest, src=None, stdout=sys.stdout,
- stderr=sys.stderr, mount_type=None, **kwargs):
+ stderr=sys.stderr, mount_type=None, unmount=True, **kwargs):
def kill_proc():
cls._umount(dest, stdout, stderr)
@@ -100,9 +100,10 @@ class Mounter():
path = cls._mount(dest, src, mount_type, stdout=stdout, stderr=stderr, options=options)
try:
with _signals.terminator(kill_proc):
- yield path
+ yield path
finally:
- cls._umount(dest, stdout, stderr)
+ if unmount:
+ cls._umount(dest, stdout, stderr)
# bind_mount()
#
diff --git a/src/buildstream/sandbox/_sandboxchroot.py b/src/buildstream/sandbox/_sandboxchroot.py
index 95e247e..49f4931 100644
--- a/src/buildstream/sandbox/_sandboxchroot.py
+++ b/src/buildstream/sandbox/_sandboxchroot.py
@@ -288,11 +288,11 @@ class SandboxChroot(Sandbox):
# Remount root RO if necessary
if flags & flags & SandboxFlags.ROOT_READ_ONLY:
- root_mount = Mounter.mount(rootfs, stdout=stdout, stderr=stderr, remount=True, ro=True, bind=True)
# Since the exit stack has already registered a mount
# for this path, we do not need to register another
# umount call.
- root_mount.__enter__()
+ stack.enter_context(Mounter.mount(rootfs, stdout=stdout, stderr=stderr, unmount=False,
+ remount=True, ro=True, bind=True))
yield