From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 6 Sep 2024 11:47:15 +0000 (+0200)
Subject: sandbox: Allow using tmpfs as overlayfs upperdir and workdir
X-Git-Tag: v25~309^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4071f42f342977400dd9e22a17ae7a4cd883173b;p=thirdparty%2Fmkosi.git

sandbox: Allow using tmpfs as overlayfs upperdir and workdir
---

diff --git a/mkosi/resources/man/mkosi-sandbox.md b/mkosi/resources/man/mkosi-sandbox.md
index 5fcf3f2c5..691f170fc 100644
--- a/mkosi/resources/man/mkosi-sandbox.md
+++ b/mkosi/resources/man/mkosi-sandbox.md
@@ -63,7 +63,9 @@ host system.
 :   Adds `DIR` from the host as a new lower directory for the next overlayfs mount.
 
 `--overlay-upperdir DIR`
-:   Sets the upper directory for the next overlayfs mount to `DIR` from the host.
+:   Sets the upper directory for the next overlayfs mount to `DIR` from the host. If
+    set to `tmpfs`, the upperdir and workdir will be subdirectories of a fresh tmpfs
+    mount.
 
 `--overlay-workdir DIR`
 :   Sets the working directory for the next overlayfs mount to `DIR` from the host.
diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index 58585f4fa..b14662762 100755
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -551,11 +551,17 @@ class OverlayOperation(FSOperation):
 
     def execute(self, oldroot: str, newroot: str) -> None:
         lowerdirs = tuple(chase(oldroot, p) for p in self.lowerdirs)
-        upperdir = chase(oldroot, self.upperdir) if self.upperdir else None
+        upperdir = chase(oldroot, self.upperdir) if self.upperdir and self.upperdir != "tmpfs" else self.upperdir
         workdir = chase(oldroot, self.workdir) if self.workdir else None
         dst = chase(newroot, self.dst)
+
         with umask(~0o755):
-            os.makedirs(dst, exist_ok=True)
+            os.makedirs(os.path.dirname(dst), exist_ok=True)
+
+        mode = 0o1777 if any(dst.endswith(suffix) for suffix in ("/tmp", "/var/tmp")) else 0o755
+        if not os.path.exists(dst):
+            with umask(~mode):
+                os.mkdir(dst, mode=mode)
 
         options = [
             f"lowerdir={':'.join(lowerdirs)}",
@@ -571,10 +577,20 @@ class OverlayOperation(FSOperation):
             "metacopy=off",
         ]
 
-        if upperdir:
-            options += [f"upperdir={upperdir}"]
-        if workdir:
-            options += [f"workdir={workdir}"]
+        if upperdir and upperdir == "tmpfs":
+            mount("tmpfs", dst, "tmpfs", 0, "mode=0755")
+
+            with umask(~mode):
+                os.mkdir(f"{dst}/upper", mode=mode)
+            with umask(~0o755):
+                os.mkdir(f"{dst}/work")
+
+            options += [f"upperdir={dst}/upper", f"workdir={dst}/work"]
+        else:
+            if upperdir:
+                options += [f"upperdir={upperdir}"]
+            if workdir:
+                options += [f"workdir={workdir}"]
 
         mount("overlayfs", dst, "overlay", 0, ",".join(options))