Skip to content
This repository was archived by the owner on Feb 28, 2023. It is now read-only.

Commit fd3e3bd

Browse files
XanewokXanewok
committed
Address review feedback
1 parent b5386b6 commit fd3e3bd

1 file changed

Lines changed: 8 additions & 5 deletions

File tree

src/bin/cachepot-dist/build.rs

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ impl OverlayBuilder {
111111
pub fn new(bubblewrap: PathBuf, dir: PathBuf) -> Result<Self> {
112112
info!("Creating overlay builder");
113113

114-
// TODO: Check kernel support for user namespaces
114+
// TODO(#144): Check kernel support for user namespaces
115115

116116
let out = Command::new(&bubblewrap)
117117
.arg("--version")
@@ -325,9 +325,9 @@ impl OverlayBuilder {
325325
}
326326

327327
trace!("performing compile");
328-
// FIXME: Adapt the notes for the user namespaces
329328
// Bubblewrap notes:
330-
// - We're running as uid 0 (to do the mounts above), and so bubblewrap is run as uid 0
329+
// - If we're running as uid 0 (to do the mounts above, if we're running without
330+
// entering a new unprivileged Linux user namespace), then the bubblewrap is run as uid 0
331331
// - There's special handling in bubblewrap to compare uid and euid - of interest to us,
332332
// if uid == euid == 0, bubblewrap preserves capabilities (not good!) so we explicitly
333333
// drop all capabilities
@@ -458,7 +458,7 @@ fn new_userns<B: FnOnce() -> Result<BuildResult>>(build_fn: B) -> Result<BuildRe
458458
// The reason why we need to fork in the first place is that creating
459459
// a new user namespace with `CLONE_NEWUSER` is required to be called
460460
// from a main thread, which fork() separates the calling thread as one.
461-
// FIXME: Redesign this binary to be re-executable like
461+
// FIXME(#145): Redesign this binary to be re-executable like
462462
// `cachepot-dist sandbox` (akin to server/scheduler), which would enter
463463
// the child namespace in the init function, passing the outputs via
464464
// shared pipes or a shared tempdir.
@@ -522,7 +522,10 @@ fn new_userns<B: FnOnce() -> Result<BuildResult>>(build_fn: B) -> Result<BuildRe
522522
.and_then(|results| tx.write_all(&results).context("Can't pipe build results"))
523523
{
524524
Ok(..) => std::process::exit(0),
525-
Err(..) => std::process::exit(1),
525+
Err(err) => {
526+
error!("Error running build in a bubblewrap fork child: {}", err);
527+
std::process::exit(1)
528+
}
526529
}
527530
}
528531
};

0 commit comments

Comments
 (0)