From: DaanDeMeyer Date: Wed, 24 Dec 2025 10:35:32 +0000 (+0100) Subject: sandbox: Drop --proc X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89d548795edef9c84d4dbb1afb068c74e6026e7a;p=thirdparty%2Fmkosi.git sandbox: Drop --proc This is trivially replaced with --bind /proc $DST, so let's drop the separate option. Maybe in the future we'll add --proc back but have it actually mount a new procfs instance. --- diff --git a/mkosi/resources/man/mkosi-sandbox.1.md b/mkosi/resources/man/mkosi-sandbox.1.md index e70084aef..950b8f368 100644 --- a/mkosi/resources/man/mkosi-sandbox.1.md +++ b/mkosi/resources/man/mkosi-sandbox.1.md @@ -45,9 +45,6 @@ from `mkosi.sandbox` is not supported and may break in future versions. contain the basic device nodes required for a functioning sandbox (e.g. `/dev/null`) and no actual devices. -`--proc DST` -: Mounts `/proc` from the host at `DST` in the sandbox. - `--dir DST` : Creates a directory and all missing parent directories at `DST` in the sandbox. All directories are created with mode 755 unless the path ends with `/tmp` or @@ -169,7 +166,7 @@ mkosi-sandbox \ --symlink usr/lib64 /lib64 \ --symlink usr/sbin /sbin \ --dev /dev \ - --proc /proc \ + --bind /proc /proc \ --tmpfs /tmp \ --become-root \ id diff --git a/mkosi/run.py b/mkosi/run.py index 986b59127..e5d220473 100644 --- a/mkosi/run.py +++ b/mkosi/run.py @@ -529,7 +529,7 @@ def sandbox_cmd( module = stack.enter_context(resource_path(sys.modules[__package__ or __name__])) cmdline: list[PathString] = [ - "--proc", "/proc", + "--bind", "/proc", "/proc", # We mounted a subdirectory of TMPDIR to /var/tmp so we unset TMPDIR so that /tmp or /var/tmp are # used instead. "--unsetenv", "TMPDIR", 
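Review bot: The new `"--bind", "/proc", "/proc",` entry at the top of `cmdline` in sandbox_cmd has no comment, and with the dedicated option gone nothing at the call site says this is the host's procfs bound read-write rather than a fresh instance. The BindOperation context line in the sandbox.py hunk shows `--bind` ending in `mount_rbind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0)`, so the mount is recursive and writable unless a read-only variant is used. The sandbox therefore keeps whatever write access to /proc the caller's privileges allow and, presumably, the host's view of processes. I would add `# Host /proc, bind-mounted recursively and read-write; not a new procfs instance.` above the entry, and the same comment above `"--bind", "/proc", root / "proc",` in the apivfs_options hunk. sandbox_cmd's body starts and ends outside the hunk.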
@@ -679,7 +679,7 @@ def apivfs_options(*, root: Path = Path("/buildroot")) -> list[PathString]: return [ "--tmpfs", root / "run", "--tmpfs", root / "tmp", - "--proc", root / "proc", + "--bind", "/proc", root / "proc", "--dev", root / "dev", # Nudge gpg to create its sockets in /run by making sure /run/user/0 exists. "--dir", root / "run/user/0", diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py index 373cde390..bf4a5b3f1 100755 --- a/mkosi/sandbox.py +++ b/mkosi/sandbox.py @@ -848,15 +848,6 @@ class BindOperation(FSOperation): mount_rbind(src, dst, attrs=MOUNT_ATTR_RDONLY if self.readonly else 0) -class ProcOperation(FSOperation): - def execute(self, oldroot: str, newroot: str) -> None: - dst = chase(newroot, self.dst) - with umask(~0o755): - os.makedirs(dst, exist_ok=True) - - mount_rbind(joinpath(oldroot, "proc"), dst) - - class DevOperation(FSOperation): def __init__(self, ttyname: str, dst: str) -> None: self.ttyname = ttyname @@ -1046,7 +1037,6 @@ mkosi-sandbox [OPTIONS...] COMMAND [ARGUMENTS...] --version Show package version --tmpfs DST Mount a new tmpfs on DST --dev DST Mount dev on DST - --proc DST Mount procfs on DST --dir DST Create a new directory at DST --bind SRC DST Bind mount the host path SRC to DST --bind-try SRC DST Bind mount the host path SRC to DST if it exists @@ -1116,8 +1106,6 @@ def main(argv: list[str] = sys.argv[1:]) -> None: fsops.append(TmpfsOperation(os.path.abspath(argv.pop()))) elif arg == "--dev": fsops.append(DevOperation(ttyname, os.path.abspath(argv.pop()))) - elif arg == "--proc": - fsops.append(ProcOperation(os.path.abspath(argv.pop()))) elif arg == "--dir": fsops.append(DirOperation(os.path.abspath(argv.pop()))) elif arg in ("--bind", "--ro-bind", "--bind-try", "--ro-bind-try"):