Allow to bind tmpfs to a custom path bound to each run #62

10 changes: 6 additions & 4 deletions lib/build.ml
Expand Up @@ -59,6 +59,7 @@ module Make (Raw_store : S.STORE) (Sandbox : S.SANDBOX) = struct
cmd : string;
shell : string list;
network : string list;
tmpfs : string list;
} [@@deriving sexp_of]

let run t ~switch ~log ~cache run_input =
Expand All @@ -68,7 +69,7 @@ module Make (Raw_store : S.STORE) (Sandbox : S.SANDBOX) = struct
|> Sha256.string
|> Sha256.to_hex
in
let { base; workdir; user; env; cmd; shell; network } = run_input in
let { base; workdir; user; env; cmd; shell; network; tmpfs } = run_input in
Store.build t.store ?switch ~base ~id ~log (fun ~cancelled ~log result_tmp ->
let to_release = ref [] in
Lwt.finalize
Expand All @@ -80,7 +81,7 @@ module Make (Raw_store : S.STORE) (Sandbox : S.SANDBOX) = struct
)
>>= fun mounts ->
let argv = shell @ [cmd] in
let config = Config.v ~cwd:workdir ~argv ~hostname ~user ~env ~mounts ~network in
let config = Config.v ~cwd:workdir ~argv ~hostname ~user ~env ~mounts ~network ~tmpfs in
Os.with_pipe_to_child @@ fun ~r:stdin ~w:close_me ->
Lwt_unix.close close_me >>= fun () ->
Sandbox.run ~cancelled ~stdin ~log t.sandbox config result_tmp
Expand Down Expand Up @@ -147,6 +148,7 @@ module Make (Raw_store : S.STORE) (Sandbox : S.SANDBOX) = struct
~env:["PATH", "/bin:/usr/bin"]
~mounts:[]
~network:[]
~tmpfs:[]
in
Os.with_pipe_to_child @@ fun ~r:from_us ~w:to_untar ->
let proc = Sandbox.run ~cancelled ~stdin:from_us ~log t.sandbox config result_tmp in
Expand Down Expand Up @@ -187,10 +189,10 @@ module Make (Raw_store : S.STORE) (Sandbox : S.SANDBOX) = struct
| `Comment _ -> k ~base ~context
| `Workdir workdir -> k ~base ~context:(update_workdir ~context workdir)
| `User user -> k ~base ~context:{context with user}
| `Run { shell = cmd; cache; network } ->
| `Run { shell = cmd; cache; network; tmpfs } ->
let switch, run_input, log =
let { Context.switch; workdir; user; env; shell; log; src_dir = _; scope = _ } = context in
(switch, { base; workdir; user; env; cmd; shell; network }, log)
(switch, { base; workdir; user; env; cmd; shell; network; tmpfs }, log)
in
run t ~switch ~log ~cache run_input >>!= fun base ->
k ~base ~context
5 changes: 3 additions & 2 deletions lib/config.ml
Expand Up @@ -20,7 +20,8 @@ type t = {
env : env;
mounts : Mount.t list;
network : string list;
tmpfs : string list;
}

let v ~cwd ~argv ~hostname ~user ~env ~mounts ~network =
{ cwd; argv; hostname; user; env; mounts; network }
let v ~cwd ~argv ~hostname ~user ~env ~mounts ~network ~tmpfs =
{ cwd; argv; hostname; user; env; mounts; network; tmpfs }
12 changes: 10 additions & 2 deletions lib/runc_sandbox.ml
Expand Up @@ -99,7 +99,7 @@ module Json_config = struct
in
`Assoc fields

let make {Config.cwd; argv; hostname; user; env; mounts; network} t ~config_dir ~results_dir : Yojson.Safe.t =
let make {Config.cwd; argv; hostname; user; env; mounts; network; tmpfs} t ~config_dir ~results_dir : Yojson.Safe.t =
let user =
let { Obuilder_spec.uid; gid } = user in
`Assoc [
Expand Down Expand Up @@ -225,6 +225,14 @@ module Json_config = struct
]
else []
) @
List.map (fun target ->
mount target
~ty:"tmpfs"
~src:"tmpfs"
~options:[
"size=6G";
]
) tmpfs @
user_mounts mounts
);
"linux", `Assoc [
Expand All @@ -251,7 +259,7 @@ module Json_config = struct
"seccomp", seccomp_policy t;
];
]
end
end

let next_id = ref 0
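Review bot: Each `target` in the new `List.map ... tmpfs` entry of `Json_config.make` is used as a mount destination without any check, and every mount gets the fixed option list `["size=6G"]`. Because the list comes from the build spec and its length is unbounded, a single `run` step can request many 6G memory-backed filesystems; whether a memory limit elsewhere in the runc configuration caps this is not visible in this hunk. I would reject targets that are not absolute or that contain `..` before they reach this point, make the size a sandbox setting rather than a literal, and add the usual hardening flags, e.g. `~options:["nosuid"; "nodev"; "size=6G"]`. `make` begins in the previous hunk and continues past this one.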

7 changes: 5 additions & 2 deletions lib_spec/docker.ml
Expand Up @@ -24,8 +24,11 @@ let pp_cache ~ctx f { Cache.id; target; buildkit_options } =
in
Fmt.pf f "%a" Fmt.(list ~sep:(unit ",") pp_pair) buildkit_options

let pp_run ~ctx f { Spec.cache; shell; network = _ } =
Fmt.pf f "RUN %a%a" Fmt.(list (pp_cache ~ctx ++ const string " ")) cache pp_wrap shell
let pp_tmpfs f target =
Fmt.pf f "--mount=type=tmpfs,target=%s" target

let pp_run ~ctx f { Spec.cache; shell; network = _; tmpfs } =
Fmt.pf f "RUN %a%a%a" Fmt.(list (pp_cache ~ctx ++ const string " ")) cache (Fmt.list pp_tmpfs) tmpfs pp_wrap shell

@talex5 talex5 Mar 8, 2021


Not convinced the spacing is correct here. Probably worth updating the unit-tests to check this.


let pp_copy ~ctx f { Spec.from; src; dst; exclude = _ } =
let from = match from with
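Review bot: `pp_tmpfs` writes `target` into `--mount=type=tmpfs,target=%s` with a plain `%s`, so a target containing a comma, a space or a newline changes the meaning of the generated `RUN` line (extra mount options, or extra Dockerfile text). Since targets come from the spec, the printer should refuse such values rather than emit them, for example `if String.contains target ',' then Fmt.invalid_arg "Invalid tmpfs target %S" target;` extended to whitespace. The same check could instead live where the spec is parsed, which would also cover the other consumers of the `tmpfs` list.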
5 changes: 3 additions & 2 deletions lib_spec/spec.ml
Expand Up @@ -62,11 +62,12 @@ type user = { uid : int; gid : int }
type run = {
cache : Cache.t list [@sexp.list];
network : string list [@sexp.list];
tmpfs : string list [@sexp.list];
shell : string;
} [@@deriving sexp]

let run_inlined = function
| "cache" | "network" -> true
| "cache" | "network" | "tmpfs" -> true
| _ -> false

let run_of_sexp x = run_of_sexp (inflate_record run_inlined x)
Expand Down Expand Up @@ -145,7 +146,7 @@ let rec t_of_sexp = function
let comment fmt = fmt |> Printf.ksprintf (fun c -> `Comment c)
let workdir x = `Workdir x
let shell xs = `Shell xs
let run ?(cache=[]) ?(network=[]) fmt = fmt |> Printf.ksprintf (fun x -> `Run { shell = x; cache; network })
let run ?(cache=[]) ?(network=[]) ?(tmpfs=[]) fmt = fmt |> Printf.ksprintf (fun x -> `Run { shell = x; cache; network; tmpfs })
let copy ?(from=`Context) ?(exclude=[]) src ~dst = `Copy { from; src; dst; exclude }
let env k v = `Env (k, v)
let user ~uid ~gid = `User { uid; gid }
3 changes: 2 additions & 1 deletion lib_spec/spec.mli
Expand Up @@ -13,6 +13,7 @@ type user = {
type run = {
cache : Cache.t list;
network : string list;
tmpfs : string list;
shell : string;
} [@@deriving sexp]

Expand All @@ -37,7 +38,7 @@ val stage : ?child_builds:(string * t) list -> from:string -> op list -> t
val comment : ('a, unit, string, op) format4 -> 'a
val workdir : string -> op
val shell : string list -> op
val run : ?cache:Cache.t list -> ?network:string list -> ('a, unit, string, op) format4 -> 'a
val run : ?cache:Cache.t list -> ?network:string list -> ?tmpfs:string list -> ('a, unit, string, op) format4 -> 'a
val copy : ?from:[`Context | `Build of string] -> ?exclude:string list -> string list -> dst:string -> op
val env : string -> string -> op
val user : uid:int -> gid:int -> op
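Review bot: The new `tmpfs` field of `run` and the `?tmpfs` argument of `val run` are exported without documentation, so a spec author cannot tell what the strings mean or how they are constrained. I would add a doc comment on the field, e.g. `(** Paths inside the container at which an empty tmpfs is mounted for this run. *)`, and state there whether relative paths are accepted and whether the contents are kept in the build result (presumably not, given the PR title; to be confirmed by the author). The `val` list continues outside this hunk.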