pkgs/sandbox: Handle non-existing paths

We now distinguish between paths that have to exist and paths that are
fine to skip during bind mounting.

So far we had hard failures whenever a path that needed to be mounted
didn't exist, for example something like $XDG_CONFIG_HOME/unity3d failed
whenever the directory didn't exist.

Apart from that we now have a more clean attribute structure for sandbox
parameters, which are now:

  * paths.required: Created prior to bind-mounting
  * paths.wanted: Skipped if it doesn't exist
  * paths.runtimeVars: Extracted from PATH-like environment variables

Signed-off-by: aszlig <aszlig@nix.build>

2 files changed, 18 insertions, 13 deletions

diff --git a/pkgs/games/build-support/build-sandbox/src/setup.c b/pkgs/games/build-support/build-sandbox/src/setup.c
index 0b582e92..f351ce19 100644
--- a/pkgs/games/build-support/build-sandbox/src/setup.c
+++ b/pkgs/games/build-support/build-sandbox/src/setup.c
@@ -91,7 +91,7 @@ bool write_maps(pid_t parent_pid)
     return true;
 }
 
-static bool makedirs(const char *path)
+static bool makedirs(const char *path, bool do_cache)
 {
     char *tmp, *segment;
 
@@ -103,13 +103,13 @@ static bool makedirs(const char *path)
     segment = dirname(tmp);
 
     if (!(segment[0] == '/' && segment[1] == '\0')) {
-        if (!makedirs(segment)) {
+        if (!makedirs(segment, do_cache)) {
             free(tmp);
             return false;
         }
     }
 
-    if (cache_path(cached_paths, path))
+    if (!do_cache || cache_path(cached_paths, path))
         (void)mkdir(path, 0755);
     free(tmp);
     return true;
@@ -138,17 +138,14 @@ bool bind_mount(const char *path, bool restricted, bool resolve)
     if (restricted)
         mflags |= MS_NOSUID | MS_NODEV | MS_NOATIME;
 
-    if (resolve) {
-        if (realpath(path, src) == NULL) {
-            fprintf(stderr, "realpath of %s: %s\n", path, strerror(errno));
-            return false;
-        }
-    }
+    if (resolve ? realpath(path, src) == NULL : access(path, F_OK) == -1)
+        // Skip missing mount source
+        return true;
 
     if ((target = get_mount_target(resolve ? src : path)) == NULL)
         return false;
 
-    if (!makedirs(target)) {
+    if (!makedirs(target, false)) {
         free(target);
         return false;
     }
@@ -173,6 +170,10 @@ static bool bind_file(const char *path)
 {
     char *target, *tmp;
 
+    if (access(path, R_OK) == -1)
+        // Skip missing mount source
+        return true;
+
     if ((target = get_mount_target(path)) == NULL)
         return false;
 
@@ -182,7 +183,7 @@ static bool bind_file(const char *path)
         return false;
     }
 
-    if (!makedirs(dirname(tmp))) {
+    if (!makedirs(dirname(tmp), true)) {
         free(target);
         free(tmp);
         return false;
@@ -452,12 +453,16 @@ static char *replace_env(const char *path)
     return replace_env_offset_free(path, base);
 }
 
-bool extra_mount(const char *path)
+bool extra_mount(const char *path, bool is_required)
 {
     char *expanded;
+
     if ((expanded = replace_env(path)) == NULL)
         return false;
 
+    if (is_required && !makedirs(expanded, false))
+        return false;
+
     if (!bind_mount(expanded, true, true)) {
         free(expanded);
         return false;
diff --git a/pkgs/games/build-support/build-sandbox/src/setup.h b/pkgs/games/build-support/build-sandbox/src/setup.h
index c3b69699..fe882dc5 100644
--- a/pkgs/games/build-support/build-sandbox/src/setup.h
+++ b/pkgs/games/build-support/build-sandbox/src/setup.h
@@ -7,7 +7,7 @@
 
 bool write_maps(pid_t parent_pid);
 bool bind_mount(const char *path, bool restricted, bool resolve);
-bool extra_mount(const char *path);
+bool extra_mount(const char *path, bool is_required);
 bool mount_from_path_var(struct query_state *qs, const char *name);
 bool setup_sandbox(void);