build: Add support for relabeling container volumes.
parent
7ff77df377
commit
b82289bd0d
12
README.md
12
README.md
@ -222,6 +222,18 @@ engine with `--container-engine=<executable_name>`.
|
|||||||
You can enable ccache with `--enable-cache` flag. This will mount your
|
You can enable ccache with `--enable-cache` flag. This will mount your
|
||||||
`$CCACHE_DIR` or `$HOME/.ccache` inside the container.
|
`$CCACHE_DIR` or `$HOME/.ccache` inside the container.
|
||||||
|
|
||||||
|
If SELinux is in use, the Proton build container may fail to access your
|
||||||
|
user's files. This is caused by [SELinux's filesystem labels][selinux-labels].
|
||||||
|
You may pass the --relabel-volumes switch to configure to cause the
|
||||||
|
[container engine to relabel its bind-mounts][bind-mounts] and allow access
|
||||||
|
to those files from within the container. This can be dangerous when used
|
||||||
|
with system directories. Proceed with caution and refer your container
|
||||||
|
engine's manual.
|
||||||
|
|
||||||
|
[selinux-labels]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files
|
||||||
|
[bind-mounts]: https://docs.docker.com/storage/bind-mounts/
|
||||||
|
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
mkdir build && cd build
|
mkdir build && cd build
|
||||||
|
@ -58,7 +58,7 @@ CCACHE_ENV := $(patsubst %,-e %,$(shell env|cut -d= -f1|grep '^CCACHE_'))
|
|||||||
ifeq ($(ENABLE_CCACHE),1)
|
ifeq ($(ENABLE_CCACHE),1)
|
||||||
CCACHE_BIN := ccache
|
CCACHE_BIN := ccache
|
||||||
export CCACHE_DIR := $(if $(CCACHE_DIR),$(CCACHE_DIR),$(HOME)/.ccache)
|
export CCACHE_DIR := $(if $(CCACHE_DIR),$(CCACHE_DIR),$(HOME)/.ccache)
|
||||||
DOCKER_OPTS := -v $(CCACHE_DIR):$(CCACHE_DIR) $(CCACHE_ENV) -e CCACHE_DIR=$(CCACHE_DIR) $(DOCKER_OPTS)
|
DOCKER_OPTS := -v $(CCACHE_DIR):$(CCACHE_DIR)$(CONTAINER_MOUNT_OPTS) $(CCACHE_ENV) -e CCACHE_DIR=$(CCACHE_DIR) $(DOCKER_OPTS)
|
||||||
else
|
else
|
||||||
export CCACHE_DISABLE := 1
|
export CCACHE_DISABLE := 1
|
||||||
DOCKER_OPTS := $(CCACHE_ENV) -e CCACHE_DISABLE=1 $(DOCKER_OPTS)
|
DOCKER_OPTS := $(CCACHE_ENV) -e CCACHE_DISABLE=1 $(DOCKER_OPTS)
|
||||||
@ -72,7 +72,7 @@ ifeq ($(CONTAINER_ENGINE),)
|
|||||||
CONTAINER_ENGINE := docker
|
CONTAINER_ENGINE := docker
|
||||||
endif
|
endif
|
||||||
|
|
||||||
DOCKER_BASE = $(CONTAINER_ENGINE) run --rm -v $(SRC):$(SRC) -v $(OBJ):$(OBJ) \
|
DOCKER_BASE = $(CONTAINER_ENGINE) run --rm -v $(SRC):$(SRC)$(CONTAINER_MOUNT_OPTS) -v $(OBJ):$(OBJ)$(CONTAINER_MOUNT_OPTS) \
|
||||||
-w $(OBJ) -e MAKEFLAGS \
|
-w $(OBJ) -e MAKEFLAGS \
|
||||||
$(DOCKER_OPTS) $(STEAMRT_IMAGE)
|
$(DOCKER_OPTS) $(STEAMRT_IMAGE)
|
||||||
|
|
||||||
|
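Review bot: The ccache mount on the new `DOCKER_OPTS` line receives the same private `:Z` label as the build tree, but `$(CCACHE_DIR)` is taken from the environment and may be shared between several build trees, so each container start relabels the whole cache and can lock out another container that is still using it. The shared `:z` option fits a cache directory better; that would need a second variable written by configure.sh next to `CONTAINER_MOUNT_OPTS` (for example `CONTAINER_CACHE_MOUNT_OPTS`, the name is only a suggestion). `DOCKER_BASE` is a recursively expanded variable, so `$(SRC)` and `$(OBJ)` are relabeled on every container invocation as well; a comment above it such as `# :Z relabels SRC and OBJ recursively on every run; keep both inside the build tree` would record that. The rest of the `ifeq` block and the recipes that use `DOCKER_BASE` are outside the hunks shown.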
23
configure.sh
23
configure.sh
@ -57,6 +57,8 @@ dependency_afdko() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CONTAINER_MOUNT_OPTS=""
|
||||||
|
|
||||||
check_container_engine() {
|
check_container_engine() {
|
||||||
info "Making sure that the container engine is working."
|
info "Making sure that the container engine is working."
|
||||||
if ! cmd $arg_container_engine run --rm $arg_protonsdk_image; then
|
if ! cmd $arg_container_engine run --rm $arg_protonsdk_image; then
|
||||||
@ -64,12 +66,15 @@ check_container_engine() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
touch permission_check
|
touch permission_check
|
||||||
local inner_uid="$($arg_container_engine run -v "$(pwd):/test" \
|
local inner_uid="$($arg_container_engine run -v "$(pwd):/test$CONTAINER_MOUNT_OPTS" \
|
||||||
--rm $arg_protonsdk_image \
|
--rm $arg_protonsdk_image \
|
||||||
stat --format "%u" /test/permission_check)"
|
stat --format "%u" /test/permission_check 2>&1)"
|
||||||
rm permission_check
|
rm permission_check
|
||||||
|
|
||||||
if [ "$inner_uid" -eq 0 ]; then
|
if [[ $inner_uid == *"Permission denied"* ]]; then
|
||||||
|
err "The container cannot access files. Are you using SELinux?"
|
||||||
|
die "Please read README.md and check your $arg_container_engine setup works."
|
||||||
|
elif [ "$inner_uid" -eq 0 ]; then
|
||||||
# namespace maps the user as root or the build is performed as host's root
|
# namespace maps the user as root or the build is performed as host's root
|
||||||
ROOTLESS_CONTAINER=1
|
ROOTLESS_CONTAINER=1
|
||||||
elif [ "$inner_uid" -eq "$(id -u)" ]; then
|
elif [ "$inner_uid" -eq "$(id -u)" ]; then
|
||||||
@ -130,6 +135,10 @@ function configure() {
|
|||||||
die "Missing dependencies, cannot continue."
|
die "Missing dependencies, cannot continue."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "$arg_relabel_volumes" ]]; then
|
||||||
|
CONTAINER_MOUNT_OPTS=:Z
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -n "$arg_container_engine" ]]; then
|
if [[ -n "$arg_container_engine" ]]; then
|
||||||
check_container_engine
|
check_container_engine
|
||||||
fi
|
fi
|
||||||
@ -154,6 +163,9 @@ function configure() {
|
|||||||
if [[ -n "$arg_docker_opts" ]]; then
|
if [[ -n "$arg_docker_opts" ]]; then
|
||||||
echo "DOCKER_OPTS := $arg_docker_opts"
|
echo "DOCKER_OPTS := $arg_docker_opts"
|
||||||
fi
|
fi
|
||||||
|
if [[ -n "$CONTAINER_MOUNT_OPTS" ]]; then
|
||||||
|
echo "CONTAINER_MOUNT_OPTS := $CONTAINER_MOUNT_OPTS"
|
||||||
|
fi
|
||||||
if [[ -n "$arg_enable_ccache" ]]; then
|
if [[ -n "$arg_enable_ccache" ]]; then
|
||||||
echo "ENABLE_CCACHE := 1"
|
echo "ENABLE_CCACHE := 1"
|
||||||
fi
|
fi
|
||||||
@ -179,6 +191,7 @@ arg_no_protonsdk=""
|
|||||||
arg_build_name=""
|
arg_build_name=""
|
||||||
arg_container_engine="docker"
|
arg_container_engine="docker"
|
||||||
arg_docker_opts=""
|
arg_docker_opts=""
|
||||||
|
arg_relabel_volumes=""
|
||||||
arg_enable_ccache=""
|
arg_enable_ccache=""
|
||||||
arg_help=""
|
arg_help=""
|
||||||
invalid_args=""
|
invalid_args=""
|
||||||
@ -222,6 +235,8 @@ function parse_args() {
|
|||||||
elif [[ $arg = --docker-opts ]]; then
|
elif [[ $arg = --docker-opts ]]; then
|
||||||
arg_docker_opts="$val"
|
arg_docker_opts="$val"
|
||||||
val_used=1
|
val_used=1
|
||||||
|
elif [[ $arg = --relabel-volumes ]]; then
|
||||||
|
arg_relabel_volumes="1"
|
||||||
elif [[ $arg = --enable-ccache ]]; then
|
elif [[ $arg = --enable-ccache ]]; then
|
||||||
arg_enable_ccache="1"
|
arg_enable_ccache="1"
|
||||||
elif [[ $arg = --proton-sdk-image ]]; then
|
elif [[ $arg = --proton-sdk-image ]]; then
|
||||||
@ -280,6 +295,8 @@ usage() {
|
|||||||
"$1" ""
|
"$1" ""
|
||||||
"$1" " --docker-opts='<options>' Extra options to pass to Docker when invoking the runtime."
|
"$1" " --docker-opts='<options>' Extra options to pass to Docker when invoking the runtime."
|
||||||
"$1" ""
|
"$1" ""
|
||||||
|
"$1" " --relabel-volumes Bind-mounted volumes will be relabeled. Use with caution."
|
||||||
|
"$1" ""
|
||||||
"$1" " --enable-ccache Mount \$CCACHE_DIR or \$HOME/.ccache inside of the container and use ccache for the build."
|
"$1" " --enable-ccache Mount \$CCACHE_DIR or \$HOME/.ccache inside of the container and use ccache for the build."
|
||||||
"$1" ""
|
"$1" ""
|
||||||
"$1" " Steam Runtime"
|
"$1" " Steam Runtime"
|
||||||
|
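Review bot: `--relabel-volumes` is applied with no check on what gets relabeled: `check_container_engine` already mounts `$(pwd)` with `:Z` for the permission probe, so running configure from `$HOME` or a system directory changes SELinux labels recursively before the build starts. The README warns about this, but a guard in `configure()` where `CONTAINER_MOUNT_OPTS=:Z` is set would turn the warning into a hard stop; a sketch with an illustrative directory list follows. Separately, the probe now folds stderr into `inner_uid` with `2>&1`, so any other engine message reaches the `[ "$inner_uid" -eq 0 ]` tests as non-numeric text, and `local inner_uid="$(...)"` hides the command's exit status. Declaring `local inner_uid` on its own line and testing the exit status would be sturdier than matching the string `Permission denied`. Both functions continue outside the visible hunks.

```shell
    if [[ -n "$arg_relabel_volumes" ]]; then
      # Refuse locations where a recursive relabel would reach files outside the build tree.
      case "$(pwd -P)" in
        /|/home|"$HOME"|/usr|/usr/*|/etc|/etc/*)
          die "Refusing --relabel-volumes in $(pwd -P): relabeling would change SELinux labels outside the build tree."
          ;;
      esac
      CONTAINER_MOUNT_OPTS=:Z
      # … unchanged: closing fi, container engine check …
```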