build_providers: create LXD containers with security.syscalls.interce…
…pt.mknod=true
jhenstridge committed Jul 15, 2020
1 parent d03ffa4 commit 3cd309d
Showing 2 changed files with 9 additions and 1 deletion.
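--- a/snapcraft/internal/build_providers/_lxd/_lxd.py
+++ b/snapcraft/internal/build_providers/_lxd/_lxd.py
@@ -194,7 +194,13 @@ def _launch(self) -> None:
 provider_name=self._get_provider_name(), build_base=build_base
 )
 
-config = {"name": self.instance_name, "source": source}
+config = {
+"name": self.instance_name,
+"source": source,
+# Allow container to make safe mknod calls, as documented at
+# https://linuxcontainers.org/lxd/docs/master/syscall-interception
+"security.syscalls.intercept.mknod": "true",
+}
 
 try:
 container = self._lxd_client.containers.create(config, wait=True)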
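Review bot: The `security.syscalls.intercept.mknod` key is added to the `config` dict in `_launch` unconditionally, with no check that the host's LXD server and kernel support syscall interception. On a host without that support the `containers.create(config, wait=True)` call may be rejected, or the setting may have no effect, so this is worth confirming against the oldest LXD version the provider supports. The comment could also record the dependency and the scope of what is being allowed, for example `# Requires LXD and kernel support for syscall interception; see the linked page for the device nodes LXD will create.` The `try` block that handles create failures continues outside the hunk.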
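--- a/tests/unit/build_providers/lxd/test_lxd.py
+++ b/tests/unit/build_providers/lxd/test_lxd.py
@@ -200,6 +200,7 @@ def test_create(self):
 config={
 "name": "snapcraft-project-name",
 "raw.idmap": f"both {os.getuid()} 0",
+"security.syscalls.intercept.mknod": "true",
 "source": {
 "mode": "pull",
 "type": "image",
@@ -776,6 +777,7 @@ def test_create_for_type_base(self):
 config={
 "name": "snapcraft-core18",
 "raw.idmap": f"both {os.getuid()} 0",
+"security.syscalls.intercept.mknod": "true",
 "source": {
 "mode": "pull",
 "type": "image",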
