- Added -B src:dest (like -b) but this makes bind mounts in
read-only mode.
- Get rid of setfsuid(), it's unnecessary.
- Make sure chrootdir is not '/', use realpath().
- Always set SECBIT_NOROOT, see capabilities(7).
- Do not mount recursively, right now this only mounts
/dev (ro), /dev/shm (rw), /sys (ro) and /proc (ro).
Previously any mount below any specific mount was recursively
mounted in chrootdir.
- Do not use nftw(3), this won't clean up the tree properly.
Rather use scandir(3) with alphasort, like xbps-create(1).
- Don't drop privs in the parent to make sure that the
temp overlayfs tree can be removed properly.
This fixes the issues while building go modules and others
with xbps-src.

This reverts commit f6a6385b42d6946b8b72e1084b4827591967e147.
Does not work as expected, and does not fix the real issue
which is still not understood.

The remount is done to use nosuid, but we can get
rid of the remount just because of this specific
option that does not have too much value for our
general usage (xbps-src).

Go modules seem to have too restrictive permissions on
their builddir, making xbps-uchroot(1) unable to remove
its directory tree due to insufficient permissions.
Run nftw() twice, the first run to set chmod 755, and
second run to remove the file.
Fixes `xbps-src -t` with any pkg that uses `build_style=go`.

This should avoid lots of temp dirs in the buildbot
builders while building go modules and others.
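
The cleanup these commit messages describe (walk the tree with scandir(3) and alphasort, and chmod 755 before removing so that restrictive Go module permissions do not block deletion), as an added example that is not xbps-uchroot's own code. It does the chmod and the removal in one recursive pass rather than two nftw() runs; `remove_tree`, `skip_dots`, `demo` and the tree built under /tmp are hypothetical, and it assumes nothing else writes to the tree while it is being removed.

```c
#define _DEFAULT_SOURCE 1
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int skip_dots(const struct dirent *d)
{
	return strcmp(d->d_name, ".") && strcmp(d->d_name, "..");
}

/* Added example, not xbps-uchroot source. Returns 0 once path is gone; assumes no concurrent writers. */
int remove_tree(const char *path)
{
	struct stat st;
	struct dirent **ents;
	char child[PATH_MAX];
	int n, rv = 0;
	if (lstat(path, &st) == -1)
		return -1;
	if (!S_ISDIR(st.st_mode))	/* files, symlinks: unlinked, never followed */
		return unlink(path);
	/* A 0555 directory refuses removal of its entries, so open it up first. */
	if (chmod(path, 0755) == -1 || (n = scandir(path, &ents, skip_dots, alphasort)) == -1)
		return -1;
	for (int i = 0; i < n; i++) {
		int len = snprintf(child, sizeof(child), "%s/%s", path, ents[i]->d_name);
		if (len >= (int)sizeof(child) || remove_tree(child) == -1)
			rv = -1;
		free(ents[i]);
	}
	free(ents);
	return rmdir(path) == -1 ? -1 : rv;
}

/* Constructed sample under /tmp: read-only dirs and a dangling symlink. Changes cwd. */
int demo(void)
{
	char top[] = "/tmp/rmtree-XXXXXX";
	if (mkdtemp(top) == NULL || chdir(top) == -1)
		return -1;
	if (mkdir("mod", 0755) == -1 || mkdir("mod/pkg", 0555) == -1 ||
	    symlink("missing", "mod/link") == -1 || chmod("mod", 0555) == -1 || chdir("/") == -1)
		return -1;
	return remove_tree(top) == 0 && access(top, F_OK) == -1 ? 0 : -1;
}
```

Because the parent keeps its privileges for this step, the lstat() check matters: a symlink left in the tree is unlinked as an entry and its target is never chmod'ed or descended into.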