We now always put an overlayfs on top of the sandbox tree so writes
done from within the sandbox aren't persisted, so there's no point
in creating /var/log in the sandbox tree anymore. Instead,
make sure it exists within sandbox_cmd() so we can still access logs
when using --debug-shell.
if Path("/etc/static").is_symlink():
(dst / "etc/static").symlink_to(Path("/etc/static").readlink())
- (dst / "var/log").mkdir(parents=True)
-
if Path("/etc/passwd").exists():
shutil.copy("/etc/passwd", dst / "etc/passwd")
if Path("/etc/group").exists():
if path and not any(path.is_relative_to(dir) for dir in (*dirs, "/usr", "/nix", "/tmp")):
cmdline += ["--bind", path, path]
else:
- cmdline += ["--dir", "/var/tmp", "--unshare-ipc"]
+ cmdline += ["--dir", "/var/tmp", "--dir", "/var/log", "--unshare-ipc"]
if devices:
cmdline += ["--bind", "/sys", "/sys", "--bind", "/dev", "/dev"]
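Review bot: The added `"--dir", "/var/log"` is only in the `else` branch, and nothing on the line says why an empty directory is created there. A short comment above it would help, e.g. `# /var/log is no longer created in the sandbox tree; create it here so logs stay reachable from --debug-shell`. The other branch is only partly visible in this hunk and appears to bind-mount host paths read-write (`--bind path path`), so it is worth confirming how /var/log is provided there. If it comes from a host bind mount rather than from the overlay, log writes made inside the sandbox would land on the host, contrary to the "writes aren't persisted" assumption in the description. The body of sandbox_cmd() starts and ends outside the hunk.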