sandbox: Drop --proc

This is trivially replaced with --bind /proc $DST, so let's drop the
separate option. Maybe in the future we'll add --proc back but have it
actually mount a new procfs instance.

diff --git a/mkosi/resources/man/mkosi-sandbox.1.md b/mkosi/resources/man/mkosi-sandbox.1.md
index e70084aefedae51b8f9a10b485aa900108cc18a4..950b8f36802d9993381e245d23fb02c4dcac6617 100644 (file)
--- a/mkosi/resources/man/mkosi-sandbox.1.md
+++ b/mkosi/resources/man/mkosi-sandbox.1.md
@@ -45,9 +45,6 @@ from `mkosi.sandbox` is not supported and may break in future versions.
     contain the basic device nodes required for a functioning sandbox (e.g. `/dev/null`)
     and no actual devices.
 
-`--proc DST`
-:  Mounts `/proc` from the host at `DST` in the sandbox.
-
 `--dir DST`
 :   Creates a directory and all missing parent directories at `DST` in the sandbox.
     All directories are created with mode 755 unless the path ends with `/tmp` or
@@ -169,7 +166,7 @@ mkosi-sandbox \
     --symlink usr/lib64 /lib64 \
     --symlink usr/sbin /sbin \
     --dev /dev \
-    --proc /proc \
+    --bind /proc /proc \
     --tmpfs /tmp \
     --become-root \
     id

diff --git a/mkosi/run.py b/mkosi/run.py
index 986b591272418806afe5299a4cef146df635321c..e5d220473f7a2913a12c157dcb336c3ebb62fb54 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -529,7 +529,7 @@ def sandbox_cmd(
         module = stack.enter_context(resource_path(sys.modules[__package__ or __name__]))
 
         cmdline: list[PathString] = [
-            "--proc", "/proc",
+            "--bind", "/proc", "/proc",
             # We mounted a subdirectory of TMPDIR to /var/tmp so we unset TMPDIR so that /tmp or /var/tmp are
             # used instead.
             "--unsetenv", "TMPDIR",
@@ -679,7 +679,7 @@ def apivfs_options(*, root: Path = Path("/buildroot")) -> list[PathString]:
     return [
         "--tmpfs", root / "run",
         "--tmpfs", root / "tmp",
-        "--proc", root / "proc",
+        "--bind", "/proc", root / "proc",
         "--dev", root / "dev",
         # Nudge gpg to create its sockets in /run by making sure /run/user/0 exists.
         "--dir", root / "run/user/0",

diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index 373cde39031cf893a862f4149c52d564bfec199f..bf4a5b3f151f8ffaf4193749fd4f53f6b9f0f669 100755 (executable)
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -848,15 +848,6 @@ class BindOperation(FSOperation):
         mount_rbind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0)
 
 
-class ProcOperation(FSOperation):
-    def execute(self, oldroot: str, newroot: str) -> None:
-        dst = chase(newroot, self.dst)
-        with umask(~0o755):
-            os.makedirs(dst, exist_ok=True)
-
-        mount_rbind(joinpath(oldroot, "proc"), dst)
-
-
 class DevOperation(FSOperation):
     def __init__(self, ttyname: str, dst: str) -> None:
         self.ttyname = ttyname
@@ -1046,7 +1037,6 @@ mkosi-sandbox [OPTIONS...] COMMAND [ARGUMENTS...]
      --version                    Show package version
      --tmpfs DST                  Mount a new tmpfs on DST
      --dev DST                    Mount dev on DST
-     --proc DST                   Mount procfs on DST
      --dir DST                    Create a new directory at DST
      --bind SRC DST               Bind mount the host path SRC to DST
      --bind-try SRC DST           Bind mount the host path SRC to DST if it exists
@@ -1116,8 +1106,6 @@ def main(argv: list[str] = sys.argv[1:]) -> None:
             fsops.append(TmpfsOperation(os.path.abspath(argv.pop())))
         elif arg == "--dev":
             fsops.append(DevOperation(ttyname, os.path.abspath(argv.pop())))
-        elif arg == "--proc":
-            fsops.append(ProcOperation(os.path.abspath(argv.pop())))
         elif arg == "--dir":
             fsops.append(DirOperation(os.path.abspath(argv.pop())))
         elif arg in ("--bind", "--ro-bind", "--bind-try", "--ro-bind-try"):