app/config: map bwrap tmpfs in app config

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-13 02:39:27 +09:00 · 2024-10-13 02:39:27 +09:00 · 65a5f8fb08
parent aee96b0fdf
commit 65a5f8fb08
1 changed files with 9 additions and 0 deletions
--- a/internal/app/config.go
+++ b/internal/app/config.go
@ -54,6 +54,8 @@ type SandboxConfig struct {
 	Env map[string]string `json:"env"`
 	// sandbox host filesystem access
 	Filesystem []*FilesystemConfig `json:"filesystem"`
+	// tmpfs mount points to mount last
+	Tmpfs []bwrap.TmpfsConfig `json:"tmpfs"`
 }

 type FilesystemConfig struct {
@ -121,6 +123,10 @@ func (s *SandboxConfig) Bwrap() *bwrap.Config {
 		}
 	}

+	for _, tmpfs := range s.Tmpfs {
+		conf.Tmpfs = append(conf.Tmpfs, bwrap.PermConfig[bwrap.TmpfsConfig]{Path: tmpfs, Last: true})
+	}
+
 	return conf
 }

@ -157,6 +163,9 @@ func Template() *Config {
 					{Src: "/data/user/0", Dst: "/data/data", Write: true, Must: true},
 					{Src: "/var/tmp", Write: true},
 				},
+				Tmpfs: []bwrap.TmpfsConfig{
+					{Size: 8 * 1024, Dir: "/var/run/nscd"},
+				},
 			},
 			SystemBus: &dbus.Config{
 				See:       nil,