feature: Support sandbox configuration option for FUSE #1974
Comments
For local execution, this should be possible to support without any changes in BuildBox. BuildStream would need to append The Ideally, we'd also support this for remote execution. However, this would require defining a platform property and adding support for that in buildbox-run-bubblewrap, which is a part of https://gitlab.com/BuildGrid/buildbox/buildbox/. The platform property approach should work for both remote and local execution, so this would not require the
Simply passing I can however confirm that
I guess the build sandbox also needs some additional capabilities to be able to use the mount syscall.
Yeah, you need I kinda feel that fuse isn't the right thing to use in a sandbox
I don't think there is anything conceptually wrong with using FUSE in a sandbox. However, I would certainly avoid the problem space if there is an alternative, and requiring Since Linux 4.18, the namespace-restricted @jbleonesio Have you considered using 7z or the library provided by darling-dmg to extract the .dmg instead of FUSE?
I understand that managing capabilities in the sandbox is not an inconsequential matter. @juergbi Luckily, I just managed to extract the content of the .dmg using It's valuable to have a way to extract dmg files in BuildStream build sandbox because this format is a widespread way to distribute precompiled software for MacOS. In some other situations where no alternatives to mounting filesystems could be found, having the opportunity to use fuse would still be valuable IMHO.
Would it be complete nonsense to handle this case through a source plugin? So the host does the FUSE mount to unpack data into source cache and the content gets imported into sandbox for further processing.
As discussed with @juergbi BuildStream is lacking a way to tune the build sandbox configuration.
For example, it is possible to expose some devices to the shell sandbox (e.g. /dev/fuse) but not on the build sandbox unfortunately.
For my personal use case I wanted to extract the content of a MacOS .dmg file using a remote element (using darling-dmg bundled as a dependency) but was quickly stopped by the lack of /dev/fuse exposition in the build sandbox.
I'm willing to give a try to start implementing something if someone can give me some pointers/context.