From: Daan De Meyer Date: Mon, 3 Nov 2025 08:59:03 +0000 (+0100) Subject: installer: Only mount configured state subdirs into sandbox X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=07a0a2be67cd3cc06875e92300904259bf941e1f;p=thirdparty%2Fmkosi.git installer: Only mount configured state subdirs into sandbox This got lost somewhere with the countless refactorings. Let's not mount a state directory to /var/lib unless one is configured. Most package managers don't actually store anything there that we care about and if we use PackageCacheDirectory=/var, we might end up mounting too much state there, such as the pacman host db lock file. Fixes #3985 --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index 8f8b98feb..b9f6e4107 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -4726,6 +4726,10 @@ def sync_repository_metadata( for d in ("cache", "lib"): (metadata_dir / d / subdir).mkdir(parents=True, exist_ok=True) + src = metadata_dir / "lib" / subdir + for p in last.distribution.installer.package_manager(last).state_subdirs(): + (src / p).mkdir(parents=True, exist_ok=True) + (last.package_cache_dir_or_default() / "cache" / subdir).mkdir(parents=True, exist_ok=True) # Sync repository metadata unless explicitly disabled. @@ -4753,7 +4757,6 @@ def sync_repository_metadata( context, force=context.args.force > 1 or context.config.cacheonly == Cacheonly.never, ) - src = metadata_dir / "cache" / subdir dst = last.package_cache_dir_or_default() / "cache" / subdir diff --git a/mkosi/installer/__init__.py b/mkosi/installer/__init__.py index 471e749bb..9ebec1b2c 100644 --- a/mkosi/installer/__init__.py +++ b/mkosi/installer/__init__.py @@ -30,7 +30,7 @@ class PackageManager: return [] @classmethod - def state_subdirs(cls, state: Path) -> list[Path]: + def state_subdirs(cls) -> list[Path]: return [] @classmethod @@ -85,7 +85,12 @@ class PackageManager: subdir = context.config.distribution.installer.package_manager(context.config).subdir(context.config) src = context.metadata_dir / "lib" / subdir - mounts += ["--bind", src, Path("/var/lib") / subdir] + mounts += flatten( + ("--bind", src / state_subdir, Path("/var/lib") / subdir / state_subdir) + for state_subdir in context.config.distribution.installer.package_manager( + context.config + ).state_subdirs() + ) src = context.metadata_dir / "cache" / subdir caches = context.config.distribution.installer.package_manager(context.config).package_subdirs(src) diff --git a/mkosi/installer/apt.py b/mkosi/installer/apt.py index 1cd63c2a9..a6338dfd2 100644 --- a/mkosi/installer/apt.py +++ b/mkosi/installer/apt.py @@ -64,8 +64,8 @@ class Apt(PackageManager): return ["*.deb", "*.ddeb"] @classmethod - def state_subdirs(cls, state: Path) -> list[Path]: - return [state / "lists"] + def state_subdirs(cls) -> list[Path]: + return [Path("lists")] @classmethod def dpkg_cmd(cls, command: str) -> list[PathString]: diff --git a/mkosi/installer/pacman.py b/mkosi/installer/pacman.py index c416dfda3..ffadbb9d3 100644 --- a/mkosi/installer/pacman.py +++ b/mkosi/installer/pacman.py @@ -43,8 +43,8 @@ class Pacman(PackageManager): return ["*.pkg.tar*"] @classmethod - def state_subdirs(cls, state: Path) -> list[Path]: - return [state / "sync"] + def state_subdirs(cls) -> list[Path]: + return [Path("sync")] @classmethod def scripts(cls, context: Context) -> dict[str, list[PathString]]: