From 65a5f8fb08421f8fb031d4e21a2c460d218616c6 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Sun, 13 Oct 2024 02:39:27 +0900
Subject: [PATCH] app/config: map bwrap tmpfs in app config

Signed-off-by: Ophestra Umiker
---
 internal/app/config.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/app/config.go b/internal/app/config.go
index b8e2f47..4c21d8b 100644
--- a/internal/app/config.go
+++ b/internal/app/config.go
@@ -54,6 +54,8 @@ type SandboxConfig struct {
 Env map[string]string `json:"env"`
 // sandbox host filesystem access
 Filesystem []*FilesystemConfig `json:"filesystem"`
+ // tmpfs mount points to mount last
+ Tmpfs []bwrap.TmpfsConfig `json:"tmpfs"`
 }
 
 type FilesystemConfig struct {
@@ -121,6 +123,10 @@ func (s *SandboxConfig) Bwrap() *bwrap.Config {
 }
 }
 
+ for _, tmpfs := range s.Tmpfs {
+ conf.Tmpfs = append(conf.Tmpfs, bwrap.PermConfig[bwrap.TmpfsConfig]{Path: tmpfs, Last: true})
+ }
+
 return conf
 }
 
@@ -157,6 +163,9 @@ func Template() *Config {
 {Src: "/data/user/0", Dst: "/data/data", Write: true, Must: true},
 {Src: "/var/tmp", Write: true},
 },
+ Tmpfs: []bwrap.TmpfsConfig{
+ {Size: 8 * 1024, Dir: "/var/run/nscd"},
+ },
 },
 SystemBus: &dbus.Config{
 See: nil,
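Review bot: The comment on the new `Tmpfs` field of `SandboxConfig` says only "mount last", which does not tell a reader how these entries interact with the paths listed in `Filesystem`, nor what unit `Size` is in. The Bwrap() hunk marks every entry `Last: true`, so a tmpfs whose `Dir` matches an earlier mount presumably hides it, which matters to anyone auditing what the sandbox exposes. I would expand the comment along the lines of `// tmpfs mounts applied after all other mounts; an entry hides whatever was mounted at the same path earlier`, once that ordering is confirmed against the bwrap package.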
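Review bot: The loop added to `Bwrap()` copies each `s.Tmpfs` entry into `conf.Tmpfs` unchecked, so an empty or relative `Dir`, or a zero or negative `Size`, from the JSON config reaches the bwrap argument builder as-is. How the bwrap package treats such values is not visible here, and an unbounded tmpfs would let the sandboxed process consume host memory. `Bwrap()` has no error return and its body starts outside this hunk, so the check belongs where the config is loaded and should fail the launch, e.g. `if !path.IsAbs(t.Dir) { return fmt.Errorf("tmpfs dir %q is not absolute", t.Dir) }`. Silently skipping a bad entry inside the loop would be worse, because the path the tmpfs was meant to cover would stay visible.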
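Review bot: The template entry `{Size: 8 * 1024, Dir: "/var/run/nscd"}` in `Template()` has no comment explaining why this directory gets a tmpfs or what unit `Size` uses. If the intent is to cover the host's nscd runtime directory so sandboxed processes cannot reach the host name service cache socket, the template should say so, since users will copy it as a starting point. Something like `// empty tmpfs over the nscd runtime dir so the host socket is not reachable; size in bytes` would do, with the wording adjusted once intent and unit are confirmed. The enclosing struct literal continues outside the hunk.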