
Commit ab6bcb2

authored
Share /lib64 into the container (#109)
* Share /lib64 into the container * Don't attempt to mount host directories that don't exist
1 parent 0d82cb0 commit ab6bcb2


2 files changed

+99
-29
lines changed


dist/index.js

Lines changed: 47 additions & 15 deletions

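--- a/src/index.ts
+++ b/src/index.ts
@@ -688,6 +688,55 @@ class NixInstallerAction extends DetSysAction {
 
 {
 actionsCore.debug("Starting the Nix daemon through Docker...");
+
+const candidateDirectories = [
+{
+dir: "/bin",
+readOnly: true,
+},
+{
+dir: "/etc",
+readOnly: true,
+},
+{
+dir: "/home",
+readOnly: true,
+},
+{
+dir: "/lib",
+readOnly: true,
+},
+{
+dir: "/lib64",
+readOnly: true,
+},
+{
+dir: "/tmp",
+readOnly: false,
+},
+{
+dir: "/nix",
+readOnly: false,
+},
+];
+
+const mountArguments = [];
+
+for (const { dir, readOnly } of candidateDirectories) {
+try {
+await access(dir);
+actionsCore.debug(`Will mount ${dir} in the docker shim.`);
+mountArguments.push("--mount");
+mountArguments.push(
+`type=bind,src=${dir},dst=${dir}${readOnly ? ",readonly" : ""}`,
+);
+} catch {
+actionsCore.debug(
+`Not mounting ${dir} in the docker shim: it doesn't appear to exist.`,
+);
+}
+}
+
 this.recordEvent(EVENT_START_DOCKER_SHIM);
 const exitCode = await actionsExec.exec(
 "docker",
@@ -699,25 +748,14 @@ class NixInstallerAction extends DetSysAction {
 "--network=host",
 "--userns=host",
 "--pid=host",
-"--mount",
-"type=bind,src=/bin,dst=/bin,readonly",
-"--mount",
-"type=bind,src=/lib,dst=/lib,readonly",
-"--mount",
-"type=bind,src=/home,dst=/home,readonly",
-"--mount",
-"type=bind,src=/tmp,dst=/tmp",
-"--mount",
-"type=bind,src=/nix,dst=/nix",
-"--mount",
-"type=bind,src=/etc,dst=/etc,readonly",
 "--restart",
 "always",
 "--init",
 "--name",
 `determinate-nix-shim-${this.getUniqueId()}-${randomUUID()}`,
-"determinate-nix-shim:latest",
-],
+]
+.concat(mountArguments)
+.concat(["determinate-nix-shim:latest"]),
 {
 silent: true,
 listeners: {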
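Review bot: The new loop treats every entry in `candidateDirectories` as optional, so if `access(dir)` fails for `/nix` or `/tmp` the writable mount is dropped with only a debug-level message and `docker run` still starts the shim. With the old fixed `--mount` list, Docker would have rejected a missing bind source, so a broken host layout failed loudly; now the daemon would presumably run against a container-local `/nix` that the host never sees. I would mark the directories the shim cannot work without, for example `{ dir: "/nix", readOnly: false, required: true }`, and fail closed in the catch with `if (required) throw new Error(`Cannot start the docker shim: ${dir} is not accessible`);`. The bare `catch` also reports permission errors as "doesn't appear to exist", so binding the error and including it in the debug message would make skipped mounts easier to diagnose. The enclosing method starts and ends outside the hunks shown.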
