In the system the directory like /lib is a link to /usr/lib
In the sandbox we have performed two binds, which resulted in the fact
that from the sandbox perspective, the modificaiton (bind) in directory
/usr/lib was not visible in /lib
By using symlinks inside the sandbox the ISU package that
provides some libraries can bind it to one path:
--bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /usr/lib/libservice.so.1
instead of:
--bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /usr/lib/libservice.so.1
--bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /lib/libservice.so.1
Change-Id: I9c7c8854261546b2bc9f7111b3f90e9f9cd07c41
Summary: Individual Service Upgrade support
Name: isu
-Version: 8.0.9
+Version: 8.0.10
Release: 1
Source0: %{name}-%{version}.tar.gz
License: MIT
ISU_SANDBOX_INVOCATION=--proc /proc \
--dev-bind /dev /dev \
--ro-bind /etc /etc \
- --ro-bind /bin /bin \
- --ro-bind /lib /lib \
- --ro-bind-try /lib64 /lib64 \
- --bind /var /var \
--bind-try /hal /hal \
--bind /sys /sys \
--bind /run /run \
--bind /opt /opt \
--bind /usr /usr \
+ --symlink /usr/bin /bin \
+ --symlink /usr/lib /lib \
+ --symlink-try /usr/lib64 /lib64 \
+ --symlink /opt/var /var \
--suid-bind \
--map-all-uids
ISU_SANDBOX_INVOCATION=--proc /proc \
--dev-bind /dev /dev \
--ro-bind /etc /etc \
- --ro-bind /bin /bin \
- --ro-bind /lib /lib \
- --ro-bind-try /lib64 /lib64 \
- --bind /var /var \
--bind-try /hal /hal \
--bind /sys /sys \
--bind /run /run \
--bind /opt /opt \
- --bind /usr /usr
+ --bind /usr /usr \
+ --symlink /usr/bin /bin \
+ --symlink /usr/lib /lib \
+ --symlink-try /usr/lib64 /lib64 \
+ --symlink /opt/var /var