--password "$(openssl passwd -1 mkosi)" \
--groups "$SUDO_GROUP",systemd-journal \
--shell /bin/bash \
+ --uid 4711 \
mkosi
systemctl --root="$BUILDROOT" mask lvm2-monitor.service
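Review bot: The added `--uid 4711` pins the account's UID with no explanation of why that value was chosen or what depends on it. The command starts outside the hunk and looks like a `useradd` call; if so, a fixed UID makes the script fail when anything else in the image already owns that number. A comment above the command would cover it, for example `# UID pinned to 4711 because <reason>; must not collide with a UID the image already assigns`. The reason is presumably related to the user that `--bind-user` maps in, but the commit does not say.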
import dataclasses
import datetime
import functools
+import getpass
import hashlib
import itertools
import json
from mkosi.user import INVOKING_USER, become_root_cmd
from mkosi.util import (
PathString,
- current_home_dir,
flatten,
flock,
flock_or_die,
uidmap = "rootidmap" if tree.source.stat().st_uid != 0 else "noidmap"
cmdline += ["--bind", f"{tree.source}:{target}:norbind,{uidmap}"]
- if config.runtime_home and (path := current_home_dir()):
- uidmap = "rootidmap" if path.stat().st_uid != 0 else "noidmap"
- cmdline += ["--bind", f"{path}:/root:norbind,{uidmap}"]
+ if config.bind_user:
+ cmdline += ["--bind-user", getpass.getuser()]
if config.runtime_scratch == ConfigFeature.enabled or (
config.runtime_scratch == ConfigFeature.auto and config.output_format == OutputFormat.disk
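Review bot: The account handed to `--bind-user` on the added line comes from `getpass.getuser()`, which reads `LOGNAME`, `USER`, `LNAME` and `USERNAME` from the environment before it falls back to the password database. The bound user, and so the host home directory exposed to the container, therefore follows the environment rather than the uid that invoked mkosi. With a stale or overridden `USER`, or under sudo, that can be a different account or root. The file already imports `INVOKING_USER`; if it still carries the invoking uid, resolving the name from it is more robust, along the lines of `cmdline += ["--bind-user", pwd.getpwuid(INVOKING_USER.uid).pw_name]` (attribute name to be confirmed against `mkosi.user`, and `pwd` would need importing). The enclosing function starts and ends outside the hunk.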
runtime_scratch: ConfigFeature
runtime_network: Network
runtime_build_sources: bool
- runtime_home: bool
+ bind_user: bool
unit_properties: list[str]
ssh_key: Optional[Path]
ssh_certificate: Optional[Path]
scope=SettingScope.main,
),
ConfigSetting(
- dest="runtime_home",
+ dest="bind_user",
metavar="BOOL",
section="Runtime",
parse=config_parse_boolean,
- help="Mount current home directory to /root when booting the image",
+ help="Bind current user from host into container or virtual machine",
scope=SettingScope.main,
),
ConfigSetting(
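Review bot: The new help string `Bind current user from host into container or virtual machine` promises VM support, but this commit makes both VM paths abort when the option is set, with `die("mkosi qemu does not support --bind-user=")` and `die("systemd-vmspawn does not support --bind-user=")`. A config that enables `BindUser=` will now fail hard for the VM verb, where the removed `RuntimeHome=` was handled. The help should state the real scope, e.g. `help="Bind current user from host into the container (not supported for virtual machines)"`, and the manual entry's "container/vm" wording needs the same correction. Both `die()` messages name only `--bind-user=`, although the value may come from `BindUser=` in a config file; mentioning both would make the failure easier to trace. The settings list this entry belongs to starts and ends outside the hunk.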
Runtime Scratch: {config.runtime_scratch}
Runtime Network: {config.runtime_network}
Runtime Build Sources: {config.runtime_build_sources}
- Runtime Home or Working Directory: {yes_no(config.runtime_home)}
+ Bind User: {yes_no(config.bind_user)}
Unit Properties: {line_join_list(config.unit_properties)}
SSH Signing Key: {none_to_none(config.ssh_key)}
SSH Certificate: {none_to_none(config.ssh_certificate)}
from mkosi.util import (
PathString,
StrEnum,
- current_home_dir,
flock,
flock_or_die,
groupby,
):
die("SecureBootCertificate= must be configured to use FirmwareVariables=custom|microsoft-mok")
+ if config.bind_user:
+ die("mkosi qemu does not support --bind-user=")
+
# After we unshare the user namespace to sandbox qemu, we might not have access to /dev/kvm or related
# device nodes anymore as access to these might be gated behind the kvm group and we won't be part of the
# kvm group anymore after unsharing the user namespace. To get around this, open all those device nodes
if (
config.runtime_trees
or config.runtime_build_sources
- or config.runtime_home
or config.output_format == OutputFormat.directory
):
shm = ["-object", f"memory-backend-memfd,id=mem,size={config.ram // 1024**2}M,share=on"]
they were mounted to when running the build script when using `mkosi
boot` or `mkosi vm`.
-`RuntimeHome=`, `--runtime-home=`
-: Mount the current home directory from which **mkosi** is running to
- `/root` when using `mkosi boot` or `mkosi vm`.
+`BindUser=`, `--bind-user=`
+: Bind the home directory of the current user into the container/vm.
+ Takes a boolean. Disabled by default.
`UnitProperties=`, `--unit-property=`
: Configure systemd unit properties to add to the systemd scopes
return [(key, group) for key, group in grouped.items()]
-def current_home_dir() -> Optional[Path]:
- home = Path(h) if (h := os.getenv("HOME")) else None
-
- if Path.cwd() in (Path("/"), Path("/home")):
- return home
-
- if Path.cwd().is_relative_to("/root"):
- return Path("/root")
-
- if Path.cwd().is_relative_to("/home"):
- # `Path.parents` only supports slices and negative indexing from Python 3.10 onwards.
- # TODO: Remove list() when we depend on Python 3.10 or newer.
- return list(Path.cwd().parents)[-3]
-
- return home
-
-
def unique(seq: Sequence[T]) -> list[T]:
return list(dict.fromkeys(seq))
finalize_register,
)
from mkosi.run import run
-from mkosi.util import PathString, current_home_dir
+from mkosi.util import PathString
def run_vmspawn(args: Args, config: Config) -> None:
if config.cdrom:
die("systemd-vmspawn does not support CD-ROM images")
+ if config.bind_user:
+ die("systemd-vmspawn does not support --bind-user=")
+
if config.firmware_variables and config.firmware_variables != Path("microsoft"):
die("mkosi vmspawn does not support FirmwareVariables=")
target = Path("/root/src") / (tree.target or "")
cmdline += ["--bind", f"{tree.source}:{target}"]
- if config.runtime_home and (p := current_home_dir()):
- cmdline += ["--bind", f"{p}:/root"]
-
if kernel:
cmdline += ["--linux", kernel]
"BaseTrees": [
"/hello/world"
],
+ "BindUser": true,
"BiosBootloader": "none",
"Bootable": "disabled",
"Bootloader": "grub",
],
"RootShell": "/bin/tcsh",
"RuntimeBuildSources": true,
- "RuntimeHome": true,
"RuntimeNetwork": "interface",
"RuntimeScratch": "enabled",
"RuntimeSize": 8589934592,
architecture=Architecture.ia64,
autologin=False,
base_trees=[Path("/hello/world")],
+ bind_user=True,
bios_bootloader=BiosBootloader.none,
bootable=ConfigFeature.disabled,
bootloader=Bootloader.grub,
root_password=("test1234", False),
root_shell="/bin/tcsh",
runtime_build_sources=True,
- runtime_home=True,
runtime_network=Network.interface,
runtime_scratch=ConfigFeature.enabled,
runtime_size=8589934592,