Sandbox action configuration.
This module defines the types used to configure sandbox setup and teardown
actions. Actions are specified in the sandboxes.actions table of the Lua
configuration file.
§Action Types
Four action types are supported:
- mount: Mount a filesystem inside the sandbox
- copy: Copy files or directories into the sandbox
- symlink: Create a symbolic link inside the sandbox
- cmd: Execute shell commands during setup/teardown
§Execution Order
Actions are processed in order during sandbox creation, and in reverse order during sandbox destruction.
§Configuration Examples
```lua
sandboxes = {
    basedir = "/data/chroot/bob",
    actions = {
        -- Mount procfs
        { action = "mount", fs = "proc", dir = "/proc" },
        -- Mount devfs
        { action = "mount", fs = "dev", dir = "/dev" },
        -- Mount tmpfs with size limit
        { action = "mount", fs = "tmp", dir = "/tmp", opts = "size=1G" },
        -- Read-only bind mount from host
        { action = "mount", fs = "bind", dir = "/usr/bin", opts = "ro" },
        -- Copy /etc into sandbox
        { action = "copy", dir = "/etc" },
        -- Create symbolic link
        { action = "symlink", src = "usr/bin", dest = "/bin" },
        -- Run command on setup (working directory is sandbox root)
        { action = "cmd", create = "chmod 1777 tmp" },
        -- Run different commands on create and destroy
        { action = "cmd", create = "mkdir -p home/builder", destroy = "rm -rf home/builder" },
        -- Only mount if source exists on host
        { action = "mount", fs = "bind", dir = "/opt/local", ifexists = true },
    },
}
```
§Common Fields
| Field | Type | Description |
|---|---|---|
| dir | string | Shorthand when src and dest are the same path |
| src | string | Source path on the host system |
| dest | string | Destination path inside the sandbox |
| ifexists | boolean | Only perform action if source exists (default: false) |
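The sketch below is an added example, not code from this crate: it models the `dir` shorthand and the create/destroy ordering described above, and flags bind mounts whose `opts` do not include `ro`. The `Entry` type and its functions are hypothetical, and it assumes that `opts` is comma-separated and that an explicit `src`/`dest` is used when set.

```rust
// Added illustration: `Entry` is a hypothetical model, not the crate's Action type.
#[derive(Default)]
struct Entry {
    action: &'static str,
    fs: &'static str,
    dir: &'static str,
    src: &'static str,
    dest: &'static str,
    opts: &'static str,
}

impl Entry {
    // `dir` is shorthand for src == dest. Assumption: an explicit src/dest is used when set.
    fn paths(&self) -> (&'static str, &'static str) {
        let dir = self.dir;
        let pick = |p: &'static str| if p.is_empty() { dir } else { p };
        (pick(self.src), pick(self.dest))
    }
    // Bind mount of a host path whose opts lack "ro" (assumes comma-separated opts).
    fn writable_bind(&self) -> bool {
        self.action == "mount" && self.fs == "bind"
            && !self.opts.split(',').any(|o| o.trim() == "ro")
    }
}

// Destinations in handling order: list order on create, reversed on destroy.
fn order(actions: &[Entry], destroy: bool) -> Vec<&'static str> {
    let mut v: Vec<&'static str> = actions.iter().map(|a| a.paths().1).collect();
    if destroy { v.reverse(); }
    v
}

// Constructed sample taken from the configuration example on this page.
fn sample() -> Vec<Entry> {
    vec![
        Entry { action: "mount", fs: "proc", dir: "/proc", ..Default::default() },
        Entry { action: "mount", fs: "bind", dir: "/usr/bin", opts: "ro", ..Default::default() },
        Entry { action: "symlink", src: "usr/bin", dest: "/bin", ..Default::default() },
        Entry { action: "mount", fs: "bind", dir: "/opt/local", ..Default::default() },
    ]
}

fn main() {
    let actions = sample();
    println!("create : {:?}", order(&actions, false));
    println!("destroy: {:?}", order(&actions, true));
    for e in actions.iter().filter(|e| e.writable_bind()) {
        println!("bind mount not marked ro: {}", e.paths().0);
    }
}
```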
Structs§
- Action: A sandbox action configuration.
Enums§
- ActionType: The type of sandbox action to perform.
- FSType: Filesystem types for mount actions.