From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-654599-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id EC978138247
	for <garchives@archives.gentoo.org>; Wed,  1 Jan 2014 22:03:57 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id DE0E4E08CA;
	Wed,  1 Jan 2014 22:03:56 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 702DCE08CA
	for <gentoo-commits@lists.gentoo.org>; Wed,  1 Jan 2014 22:03:56 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 67B8D33F70C
	for <gentoo-commits@lists.gentoo.org>; Wed,  1 Jan 2014 22:03:55 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id DD0A5E54AB
	for <gentoo-commits@lists.gentoo.org>; Wed,  1 Jan 2014 22:03:53 +0000 (UTC)
From: "Brian Dolbec" <brian.dolbec@gmail.com>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Brian Dolbec" <brian.dolbec@gmail.com>
Message-ID: <1388613791.e1dffd789f91235190b12f78edb5d1e262affb27.dol-sen@gentoo>
Subject: [gentoo-commits] proj/catalyst:2.X commit in: modules/
X-VCS-Repository: proj/catalyst
X-VCS-Files: modules/generic_stage_target.py
X-VCS-Directories: modules/
X-VCS-Committer: dol-sen
X-VCS-Committer-Name: Brian Dolbec
X-VCS-Revision: e1dffd789f91235190b12f78edb5d1e262affb27
X-VCS-Branch: 2.X
Date: Wed,  1 Jan 2014 22:03:53 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: be5df373-a6f3-4c15-8628-ce5636afe8aa
X-Archives-Hash: b779510cca1aff40983178bc190a1477

commit:     e1dffd789f91235190b12f78edb5d1e262affb27
Author:     Douglas Freed <dwfreed <AT> mtu <DOT> edu>
AuthorDate: Wed Jan  1 21:18:22 2014 +0000
Commit:     Brian Dolbec <brian.dolbec <AT> gmail <DOT> com>
CommitDate: Wed Jan  1 22:03:11 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=commit;h=e1dffd78

Mount /dev/shm in the chroot with the right options

Bind mounting /dev/shm into the chroot isn't a good idea, as there may
be collisions and result in weird side effects.  Instead, we can just
mount a new tmpfs there, with the right options to ensure security.

---
 modules/generic_stage_target.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/generic_stage_target.py b/modules/generic_stage_target.py
index 9edafe9..37d1fa1 100644
--- a/modules/generic_stage_target.py
+++ b/modules/generic_stage_target.py
@@ -179,13 +179,13 @@ class generic_stage_target(generic_target):
 			self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\
 				"/usr/portage":self.settings["snapshot_cache_path"]+"/portage",\
 				"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",
-				"/dev/shm": "/dev/shm"}
+				"/dev/shm": "shmfs"}
 		else:
 			self.mounts=["/proc", "/dev", "/usr/portage/distfiles",
 				"/var/tmp/portage"]
 			self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\
 				"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",
-				"/dev/shm": "/dev/shm"}
+				"/dev/shm": "shmfs"}
 		if os.uname()[0] == "Linux":
 			self.mounts.append("/dev/pts")
 			self.mounts.append("/dev/shm")
@@ -904,7 +904,7 @@ class generic_stage_target(generic_target):
 				os.makedirs(self.settings["chroot_path"]+x,0755)
 
 			if not os.path.exists(self.mountmap[x]):
-				if not self.mountmap[x] == "tmpfs":
+				if self.mountmap[x] != "tmpfs" and self.mountmap[x] != "shmfs":
 					os.makedirs(self.mountmap[x],0755)
 
 			src=self.mountmap[x]
@@ -923,6 +923,9 @@ class generic_stage_target(generic_target):
 						retval=os.system("mount -t tmpfs -o size="+\
 							self.settings["var_tmpfs_portage"]+"G "+src+" "+\
 							self.settings["chroot_path"]+x)
+				elif src == "shmfs":
+					retval=os.system("mount -t tmpfs -o noexec,nosuid,nodev shm "+\
+						self.settings["chroot_path"]+x)
 				else:
 					retval=os.system("mount --bind "+src+" "+\
 						self.settings["chroot_path"]+x)