Move /var/log creation from sandbox tree to sandbox_cmd()

We now always put an overlayfs on top of the sandbox tree so writes
done from within the sandbox aren't persisted, so there's no point
anymore in creating /var/log in the sandbox tree anymore. Instead,
make sure it exists within sandbox_cmd() so we can still access logs
when using --debug-shell.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 38f1ec54d08d755e2c1a2a7305797aa4f5e98d98..16041edd784d0d54991748523d10f02df74b3017 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1042,8 +1042,6 @@ def install_sandbox_trees(config: Config, dst: Path) -> None:
     if Path("/etc/static").is_symlink():
         (dst / "etc/static").symlink_to(Path("/etc/static").readlink())
 
-    (dst / "var/log").mkdir(parents=True)
-
     if Path("/etc/passwd").exists():
         shutil.copy("/etc/passwd", dst / "etc/passwd")
     if Path("/etc/group").exists():

diff --git a/mkosi/run.py b/mkosi/run.py
index 1b4c8398a9b9446418bccbffe38311e139cffc31..169948b1a3e6a07f6eee68076c700702d96475be 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -524,7 +524,7 @@ def sandbox_cmd(
         if path and not any(path.is_relative_to(dir) for dir in (*dirs, "/usr", "/nix", "/tmp")):
             cmdline += ["--bind", path, path]
     else:
-        cmdline += ["--dir", "/var/tmp", "--unshare-ipc"]
+        cmdline += ["--dir", "/var/tmp", "--dir", "/var/log", "--unshare-ipc"]
 
         if devices:
             cmdline += ["--bind", "/sys", "/sys", "--bind", "/dev", "/dev"]