Set up a minimal /dev in chroots

Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-02-27 23:17:53 +0100
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-02-27 23:17:53 +0100
commit: 3fd01b171a74d28dc8e48b9ee5f2d0e9a3915fb8 (patch)
tree: 42620e16ae70c2f98354f7f3bd316b0473f7030e /src/libstore/build.cc
parent: c9f6232304558cbdafb14e13e316e539f5bed72e (diff)
1 files changed, 22 insertions, 3 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index cec03fee4..7a78d5557 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2013,6 +2013,26 @@ void DerivationGoal::initChild()
                     throw SysError(format("unable to make filesystem `%1%' private") % fs);
             }
 
+            /* Set up a nearly empty /dev, unless the user asked to
+               bind-mount the host /dev. */
+            if (dirsInChroot.find("/dev") == dirsInChroot.end()) {
+                createDirs(chrootRootDir + "/dev/shm");
+                Strings ss;
+                ss.push_back("/dev/full");
+                ss.push_back("/dev/kvm");
+                ss.push_back("/dev/null");
+                ss.push_back("/dev/ptmx");
+                ss.push_back("/dev/random");
+                ss.push_back("/dev/tty");
+                ss.push_back("/dev/urandom");
+                ss.push_back("/dev/zero");
+                foreach (Strings::iterator, i, ss) dirsInChroot[*i] = *i;
+                createSymlink("/proc/self/fd", chrootRootDir + "/dev/fd");
+                createSymlink("/proc/self/fd/0", chrootRootDir + "/dev/stdin");
+                createSymlink("/proc/self/fd/1", chrootRootDir + "/dev/stdout");
+                createSymlink("/proc/self/fd/2", chrootRootDir + "/dev/stderr");
+            }
+
             /* Bind-mount all the directories from the "host"
                filesystem that we want in the chroot
                environment. */
@@ -2042,9 +2062,8 @@ void DerivationGoal::initChild()
 
             /* Mount a new tmpfs on /dev/shm to ensure that whatever
                the builder puts in /dev/shm is cleaned up automatically. */
-            if (pathExists("/dev/shm"))
-                if (mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1)
-                    throw SysError("mounting /dev/shm");
+            if (pathExists("/dev/shm") && mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1)
+                throw SysError("mounting /dev/shm");
 
             /* Do the chroot().  Below we do a chdir() to the
                temporary build directory to make sure the current
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-02-27 23:17:53 +0100
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-02-27 23:17:53 +0100
commit	3fd01b171a74d28dc8e48b9ee5f2d0e9a3915fb8 (patch)
tree	42620e16ae70c2f98354f7f3bd316b0473f7030e /src/libstore/build.cc
parent	c9f6232304558cbdafb14e13e316e539f5bed72e (diff)