network=True,
devices=True,
options=["--bind", fname, workdir(fname)],
- setup=become_root_cmd(),
),
+ setup=become_root_cmd(),
) # fmt: skip
if config.output_format == OutputFormat.directory:
network=True,
relaxed=True,
options=["--same-dir"],
- setup=become_root_cmd(),
),
+ setup=become_root_cmd(),
)
network=True,
devices=config.output_format == OutputFormat.disk,
relaxed=True,
- setup=become_root_cmd() if need_root else [],
),
+ setup=become_root_cmd() if need_root else [],
)
network=True,
relaxed=True,
options=["--chdir", config.output_dir_or_cwd()],
- setup=become_root_cmd(),
),
+ setup=become_root_cmd(),
)
network=True,
relaxed=True,
options=["--same-dir"],
- setup=become_root_cmd(),
),
+ setup=become_root_cmd(),
)
scripts: Optional[Path] = None,
overlay: Optional[Path] = None,
options: Sequence[PathString] = (),
- setup: Sequence[PathString] = (),
) -> AbstractContextManager[list[PathString]]:
opt: list[PathString] = [*options]
tools=self.tools() if tools else Path("/"),
overlay=overlay,
options=opt,
- setup=setup,
extra=self.extra_search_paths,
)
with spawn(
cmdline,
pass_fds=(sock.fileno(),),
- sandbox=config.sandbox(
- options=["--bind", state, workdir(Path(state))],
- setup=scope_cmd(
- name=f"mkosi-swtpm-{config.machine_or_name()}",
- description=f"swtpm for {config.machine_or_name()}",
- ),
+ sandbox=config.sandbox(options=["--bind", state, workdir(Path(state))]),
+ setup=scope_cmd(
+ name=f"mkosi-swtpm-{config.machine_or_name()}",
+ description=f"swtpm for {config.machine_or_name()}",
),
) as proc:
yield path
"--bind", directory, workdir(directory),
*(["--become-root"] if uidmap else []),
],
- setup=(
- scope +
- (become_root_in_subuid_range_cmd() if scope and not uidmap else [])
- ),
),
+ setup=scope + (become_root_in_subuid_range_cmd() if scope and not uidmap else []),
) as proc: # fmt: skip
yield path
proc.terminate()
"--ro-bind", f.name, "/etc/systemd/journal-remote.conf",
"--pack-fds",
],
- setup=scope,
),
+ setup=scope,
user=user if not scope else None,
group=group if not scope else None,
) as proc: # fmt: skip
devices=True,
relaxed=True,
options=["--same-dir", "--suspend"],
- setup=scope_cmd(
- name=name,
- description=f"mkosi Virtual Machine {name}",
- properties=config.unit_properties,
- environment=False,
- ),
+ ),
+ setup=scope_cmd(
+ name=name,
+ description=f"mkosi Virtual Machine {name}",
+ properties=config.unit_properties,
+ environment=False,
),
) as proc:
# We have to close these before we wait for qemu otherwise we'll deadlock as qemu will never
env: Mapping[str, str] = {},
log: bool = True,
success_exit_status: Sequence[int] = (0,),
+ setup: Sequence[PathString] = (),
sandbox: AbstractContextManager[Sequence[PathString]] = contextlib.nullcontext([]),
) -> CompletedProcess:
if input is not None:
env=env,
log=log,
success_exit_status=success_exit_status,
+ setup=setup,
sandbox=sandbox,
) as process:
out, err = process.communicate(input)
log: bool = True,
preexec: Optional[Callable[[], None]] = None,
success_exit_status: Sequence[int] = (0,),
+ setup: Sequence[PathString] = (),
sandbox: AbstractContextManager[Sequence[PathString]] = contextlib.nullcontext([]),
) -> Iterator[Popen]:
cmd = [os.fspath(x) for x in cmdline]
try:
proc = subprocess.Popen(
- [*prefix, *cmdline],
+ [*setup, *prefix, *cmdline],
stdin=stdin,
stdout=stdout,
stderr=stderr,
if log:
log_process_failure(prefix, cmd, returncode)
if ARG_DEBUG_SHELL.get():
+ # --suspend will freeze the debug shell with no way to unfreeze it so strip it from the
+ # sandbox if it's there.
+ if "--suspend" in prefix:
+ prefix.remove("--suspend")
subprocess.run(
- # --suspend will freeze the debug shell with no way to unfreeze it so strip it from the
- # sandbox if it's there.
- [s for s in prefix if s != "--suspend"] + ["bash"],
+ [*setup, *prefix, "bash"],
check=False,
stdin=sys.stdin,
text=True,
relaxed: bool = False,
overlay: Optional[Path] = None,
options: Sequence[PathString] = (),
- setup: Sequence[PathString] = (),
extra: Sequence[Path] = (),
) -> Iterator[list[PathString]]:
assert not (overlay and relaxed)
module = stack.enter_context(resource_path(sys.modules[__package__ or __name__]))
cmdline: list[PathString] = [
- *setup,
*(["strace", "--detach-on=execve"] if ARG_DEBUG_SANDBOX.get() else []),
sys.executable, "-SI", module / "sandbox.py",
"--proc", "/proc",
devices=True,
network=True,
relaxed=True,
- setup=become_root_cmd(),
options=[
*(["--bind", "/boot", "/boot"] if Path("/boot").exists() else []),
*(["--bind", "/efi", "/efi"] if Path("/efi").exists() else []),
"--same-dir",
],
),
+ setup=become_root_cmd(),
) # fmt: skip
projects / thirdparty / mkosi.git / commitdiff
