From c8d2df6ad130950366566a6de427d656c0332ea8 Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Wed, 13 May 2015 16:36:59 +0200
Subject: [PATCH] xdg-app build: Bind mount host resolv.conf during builds

Its not totally unheard of to use network during builds, for instance to download packages. This does so via a straight (readonly) bind mount of the host version. This is slightly different from what xdg-app run does, as that relies on a full session and xdg-app-helper, but instead that handles the config changing during runtime.
---
 xdg-app-builtins-build.c | 1 +
 xdg-app-helper.c | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/xdg-app-builtins-build.c b/xdg-app-builtins-build.c
index 969d8d90..f3943255 100644
--- a/xdg-app-builtins-build.c
+++ b/xdg-app-builtins-build.c
@@ -145,6 +145,7 @@ xdg_app_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
 g_ptr_array_add (argv_array, g_strdup ("-i"));
 g_ptr_array_add (argv_array, g_strdup ("-f"));
 g_ptr_array_add (argv_array, g_strdup ("-H"));
+ g_ptr_array_add (argv_array, g_strdup ("-r"));
 
 if (!xdg_app_run_verify_environment_keys ((const char **)opt_forbid, error))
 goto out;
diff --git a/xdg-app-helper.c b/xdg-app-helper.c
index ec3fc1a6..b6fb98e6 100644
--- a/xdg-app-helper.c
+++ b/xdg-app-helper.c
@@ -381,6 +381,7 @@ ascii_isdigit (char c)
 static bool create_etc_symlink = FALSE;
 static bool create_etc_dir = TRUE;
 static bool create_monitor_links = FALSE;
+static bool bind_resolv_conf = FALSE;
 static bool allow_dri = FALSE;
 
 static const create_table_t create[] = {
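Review bot: `-r` is appended unconditionally, so every build sandbox receives the host's DNS configuration even though the commit message describes network use during builds as the exception rather than the rule, and a build that needs no network has no way to opt out. If the helper's new bind entry is fatal when the host has no /etc/resolv.conf (it is added with flags 0 in the second file), always passing `-r` would also turn that host condition into a failure of every build. Consider tying the flag to an explicit option of xdg-app build (none is visible in this hunk), or at least record the rationale inline, e.g. `/* share the host's resolver config read-only so builds can fetch sources */`. xdg_app_builtin_build starts and ends outside the hunk.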
@@ -410,6 +411,7 @@ static const create_table_t create[] = {
 { FILE_TYPE_DIR, "etc", 0755, NULL, 0, &create_etc_dir},
 { FILE_TYPE_REGULAR, "etc/passwd", 0755, NULL, 0, &create_etc_dir},
 { FILE_TYPE_REGULAR, "etc/group", 0755, NULL, 0, &create_etc_dir},
+ { FILE_TYPE_REGULAR, "etc/resolv.conf", 0755, NULL, 0, &bind_resolv_conf},
 { FILE_TYPE_SYMLINK, "etc/resolv.conf", 0755, "/run/user/%1$d/xdg-app-monitor/resolv.conf", 0, &create_monitor_links},
 { FILE_TYPE_REGULAR, "etc/machine-id", 0755, NULL, 0, &create_etc_dir},
 { FILE_TYPE_DIR, "tmp/.X11-unix", 0755 },
@@ -446,6 +448,7 @@ static const create_table_t create_post[] = {
 { FILE_TYPE_BIND_RO, "etc/group", 0444, "/etc/group", 0},
 { FILE_TYPE_BIND_RO, "etc/machine-id", 0444, "/etc/machine-id", FILE_FLAGS_NON_FATAL},
 { FILE_TYPE_BIND_RO, "etc/machine-id", 0444, "/var/lib/dbus/machine-id", FILE_FLAGS_NON_FATAL | FILE_FLAGS_IF_LAST_FAILED},
+ { FILE_TYPE_BIND_RO, "etc/resolv.conf", 0444, "/etc/resolv.conf", 0, &bind_resolv_conf},
 };
 
 static const mount_table_t mount_table[] = {
@@ -1484,7 +1487,7 @@ main (int argc,
 if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
 die_with_error ("prctl(PR_SET_NO_NEW_CAPS) failed");
 
- while ((c = getopt (argc, argv, "+inWweEsfFHa:m:b:p:x:ly:d:D:v:I:gS:")) >= 0)
+ while ((c = getopt (argc, argv, "+inWweEsfFHra:m:b:p:x:ly:d:D:v:I:gS:")) >= 0)
 {
 switch (c)
 {
@@ -1571,6 +1574,10 @@ main (int argc,
 pulseaudio_socket = optarg;
 break;
 
+ case 'r':
+ bind_resolv_conf = TRUE;
+ break;
+
 case 's':
 share_shm = TRUE;
 break;
@@ -1610,7 +1617,10 @@ main (int argc,
 n_args = argc - optind;
 
 if (monitor_path != NULL && create_etc_dir)
- create_monitor_links = TRUE;
+ {
+ create_monitor_links = TRUE;
+ bind_resolv_conf = FALSE;
+ }
 
 if (n_args < 2)
 usage (argv);
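Review bot: The new `etc/resolv.conf` placeholder entry sits directly above an existing symlink entry for the same path, and the two are kept mutually exclusive only by main() clearing bind_resolv_conf when monitor links are enabled; nothing at the table says so, so a later edit that enables both flags would presumably have the second create fail or clobber the first. Add a comment on the new line, e.g. `/* placeholder for the read-only host bind in create_post; main() clears bind_resolv_conf when the monitor symlink below is used instead */`. The create[] table starts and ends outside the hunk.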
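Review bot: The new bind of `/etc/resolv.conf` is added with flags 0, unlike the sibling `etc/machine-id` entries that use FILE_FLAGS_NON_FATAL, so on a host where /etc/resolv.conf is absent or a dangling symlink (common with systemd-resolved when the service is not running) the helper presumably aborts the whole sandbox setup rather than just leaving the sandbox without a resolver; since xdg-app build now always passes -r, that would fail every build on such a host. I would make it `{ FILE_TYPE_BIND_RO, "etc/resolv.conf", 0444, "/etc/resolv.conf", FILE_FLAGS_NON_FATAL, &bind_resolv_conf},`. The read-only guarantee the commit message relies on also depends on the FILE_TYPE_BIND_RO implementation doing the remount step that actually applies MS_RDONLY to a bind mount (a single MS_BIND|MS_RDONLY mount(2) call ignores the read-only flag); that implementation is not visible here, so worth confirming. The create_post[] table starts outside the hunk.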
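Review bot: `r` is added to the getopt string but usage(), which main() calls a few lines later on bad arguments, is not touched; if usage() lists the accepted options (not visible here), the new flag should be documented there, e.g. `-r: bind mount the host's /etc/resolv.conf read-only at /etc/resolv.conf`. Adjacent context, not part of this change: the die_with_error message names `PR_SET_NO_NEW_CAPS` for a PR_SET_NO_NEW_PRIVS call and would be clearer as `die_with_error ("prctl(PR_SET_NO_NEW_PRIVS) failed");`. main() starts and ends outside the hunk.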
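Review bot: bind_resolv_conf is cleared silently here, so a caller passing both -r and -m gets the monitor symlink and no host bind with no indication that -r was ignored; that is reasonable because the symlink entry targets the same sandbox path, but the precedence deserves a comment on the new line, e.g. `/* the monitor-managed resolv.conf symlink replaces the static host bind requested by -r */`. main() continues outside the hunk.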