scratch = stack.enter_context(tempfile.NamedTemporaryFile(dir="/var/tmp", prefix="mkosi-scratch"))
scratch.truncate(1024**4)
run([f"mkfs.{config.distribution.filesystem()}", "-L", "scratch", scratch.name],
- stdout=subprocess.DEVNULL, stderr=None, sandbox=config.sandbox())
+ stdout=subprocess.DEVNULL, sandbox=config.sandbox(options=["--bind", scratch.name, scratch.name]))
cmdline += [
"-drive", f"if=none,id=scratch,file={scratch.name},format=raw",
"-device", "scsi-hd,drive=scratch",
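Review bot: The new `run()` call binds `scratch.name` into the sandbox without a comment saying why, so a later cleanup could drop the bind and break `mkfs` with no obvious cause. A one-line comment above the call would cover it, for example `# mkfs runs inside the sandbox, so the scratch image must be bind-mounted writable at the same path.` The same line also drops `stderr=None`. Whether mkfs errors still reach the user now depends on the default in `run()`, which is not visible in this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.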
"--dev-bind", "/", "/",
"--tmpfs", root / "run",
"--tmpfs", root / "tmp",
- "--bind", os.getenv("TMPDIR", "/var/tmp"), root / "var/tmp",
+ "--bind", "/var/tmp", root / "var/tmp",
"--proc", root / "proc",
"--dev", root / "dev",
# APIVFS generally means chrooting is going to happen so unset TMPDIR just to be safe.
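Review bot: The new `"--bind", "/var/tmp", root / "var/tmp"` line always exposes the host's shared, world-writable `/var/tmp` inside the root, even when the caller has pointed `TMPDIR` at a private directory, and the hunk does not say why the override is now ignored. Anything run in the chroot can then create entries in the host directory and list what is there, so the reason belongs in a comment beside the existing APIVFS note. One possible wording is `# Bind the host /var/tmp rather than TMPDIR so paths created there outside the chroot (e.g. the scratch image) stay valid inside it.`, if that is indeed the reason. The literal `"/var/tmp"` also appears in the `NamedTemporaryFile(dir="/var/tmp", ...)` call, so a shared module-level constant would keep the two in step. The argument list starts and ends outside the hunk.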