From 676f358fddaf4297e6037950ab45d0f7c0949556 Mon Sep 17 00:00:00 2001
From: Mateusz Moscicki <m.moscicki2@partner.samsung.com>
Date: Wed, 13 Sep 2023 10:38:25 +0200
Subject: [PATCH] Use symlinks for directories that are symlinked

In the system the directory like /lib is a link to /usr/lib
In the sandbox we have performed two binds, which resulted in the fact
that from the sandbox perspective, the modificaiton (bind) in directory
/usr/lib was not visible in /lib

By using symlinks inside the sandbox the ISU package that
provides some libraries can bind it to one path:

  --bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /usr/lib/libservice.so.1

instead of:

  --bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /usr/lib/libservice.so.1
  --bind #ISU_RUN_PATH#/service/rootfs/usr/lib/libservice.so.1 /lib/libservice.so.1

Change-Id: I9c7c8854261546b2bc9f7111b3f90e9f9cd07c41
---
 packaging/isu.spec                  |  2 +-
 src/helpers/service-common.inc      |  8 ++++----
 src/helpers/user-service-common.inc | 10 +++++-----
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/packaging/isu.spec b/packaging/isu.spec
index 31cac75..43e601c 100644
--- a/packaging/isu.spec
+++ b/packaging/isu.spec
@@ -1,6 +1,6 @@
 Summary: Individual Service Upgrade support
 Name:    isu
-Version: 8.0.9
+Version: 8.0.10
 Release: 1
 Source0: %{name}-%{version}.tar.gz
 License: MIT
diff --git a/src/helpers/service-common.inc b/src/helpers/service-common.inc
index 9b703a1..da23173 100644
--- a/src/helpers/service-common.inc
+++ b/src/helpers/service-common.inc
@@ -4,14 +4,14 @@
 ISU_SANDBOX_INVOCATION=--proc /proc \
     --dev-bind /dev /dev \
     --ro-bind /etc /etc \
-    --ro-bind /bin /bin \
-    --ro-bind /lib /lib \
-    --ro-bind-try /lib64 /lib64 \
-    --bind /var /var \
     --bind-try /hal /hal \
     --bind /sys /sys \
     --bind /run /run \
     --bind /opt /opt \
     --bind /usr /usr \
+    --symlink /usr/bin /bin \
+    --symlink /usr/lib /lib \
+    --symlink-try /usr/lib64 /lib64 \
+    --symlink /opt/var /var \
     --suid-bind \
     --map-all-uids
diff --git a/src/helpers/user-service-common.inc b/src/helpers/user-service-common.inc
index 158b314..616c0c9 100644
--- a/src/helpers/user-service-common.inc
+++ b/src/helpers/user-service-common.inc
@@ -4,12 +4,12 @@
 ISU_SANDBOX_INVOCATION=--proc /proc \
     --dev-bind /dev /dev \
     --ro-bind /etc /etc \
-    --ro-bind /bin /bin \
-    --ro-bind /lib /lib \
-    --ro-bind-try /lib64 /lib64 \
-    --bind /var /var \
     --bind-try /hal /hal \
     --bind /sys /sys \
     --bind /run /run \
     --bind /opt /opt \
-    --bind /usr /usr
+    --bind /usr /usr \
+    --symlink /usr/bin /bin \
+    --symlink /usr/lib /lib \
+    --symlink-try /usr/lib64 /lib64 \
+    --symlink /opt/var /var
-- 
2.7.4