Skip to content

Commit

Permalink
Split out a hostexec module
Browse files Browse the repository at this point in the history
We'll use this even in cases where we don't have the `install`
feature.

Signed-off-by: Colin Walters <[email protected]>
  • Loading branch information
cgwalters authored and jeckersb committed Jan 23, 2024
1 parent 1e9c282 commit 619d4ac
Show file tree
Hide file tree
Showing 6 changed files with 38 additions and 30 deletions.
2 changes: 1 addition & 1 deletion lib/src/blockdev.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
use crate::install::run_in_host_mountns;
use crate::hostexec::run_in_host_mountns;
use crate::task::Task;
use anyhow::{anyhow, Context, Result};
use camino::{Utf8Path, Utf8PathBuf};
Expand Down
2 changes: 1 addition & 1 deletion lib/src/cli.rs
Original file line number Diff line number Diff line change
Expand Up @@ -534,7 +534,7 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
},
#[cfg(feature = "install")]
Opt::ExecInHostMountNamespace { args } => {
crate::install::exec_in_host_mountns(args.as_slice())
crate::hostexec::exec_in_host_mountns(args.as_slice())
}
Opt::Status(opts) => super::status::status(opts).await,
#[cfg(feature = "internal-testing-api")]
Expand Down
33 changes: 33 additions & 0 deletions lib/src/hostexec.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
//! Run a command in the host mount namespace
use std::os::fd::AsFd;
use std::os::unix::process::CommandExt;
use std::process::Command;

use anyhow::{Context, Result};
use camino::Utf8Path;
use fn_error_context::context;

/// Run a command in the host mount namespace
pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
let mut c = Command::new("/proc/self/exe");
c.args(["exec-in-host-mount-namespace", cmd]);
c
}

#[context("Re-exec in host mountns")]
pub(crate) fn exec_in_host_mountns(args: &[std::ffi::OsString]) -> Result<()> {
let (cmd, args) = args[1..]
.split_first()
.ok_or_else(|| anyhow::anyhow!("Missing command"))?;
let pid1mountns = std::fs::File::open("/proc/1/ns/mnt")?;
nix::sched::setns(pid1mountns.as_fd(), nix::sched::CloneFlags::CLONE_NEWNS).context("setns")?;
rustix::process::chdir("/")?;
// Work around supermin doing chroot() and not pivot_root
// https://github.com/libguestfs/supermin/blob/5230e2c3cd07e82bd6431e871e239f7056bf25ad/init/init.c#L288
if !Utf8Path::new("/usr").try_exists()? && Utf8Path::new("/root/usr").try_exists()? {
tracing::debug!("Using supermin workaround");
rustix::process::chroot("/root")?;
}
Err(Command::new(cmd).args(args).exec())?
}
28 changes: 1 addition & 27 deletions lib/src/install.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ pub(crate) mod baseline;
use std::io::BufWriter;
use std::io::Write;
use std::os::fd::AsFd;
use std::os::unix::process::CommandExt;
use std::process::Command;
use std::str::FromStr;
use std::sync::Arc;

Expand All @@ -38,6 +36,7 @@ use serde::{Deserialize, Serialize};

use self::baseline::InstallBlockDeviceOpts;
use crate::containerenv::ContainerExecutionInfo;
use crate::hostexec::run_in_host_mountns;
use crate::task::Task;
use crate::utils::sigpolicy_from_opts;

Expand Down Expand Up @@ -709,31 +708,6 @@ async fn initialize_ostree_root_from_self(
Ok(aleph)
}

/// Run a command in the host mount namespace
pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
let mut c = Command::new("/proc/self/exe");
c.args(["exec-in-host-mount-namespace", cmd]);
c
}

#[context("Re-exec in host mountns")]
pub(crate) fn exec_in_host_mountns(args: &[std::ffi::OsString]) -> Result<()> {
let (cmd, args) = args
.split_first()
.ok_or_else(|| anyhow::anyhow!("Missing command"))?;
tracing::trace!("{cmd:?} {args:?}");
let pid1mountns = std::fs::File::open("/proc/1/ns/mnt")?;
nix::sched::setns(pid1mountns.as_fd(), nix::sched::CloneFlags::CLONE_NEWNS).context("setns")?;
rustix::process::chdir("/").context("chdir")?;
// Work around supermin doing chroot() and not pivot_root
// https://github.com/libguestfs/supermin/blob/5230e2c3cd07e82bd6431e871e239f7056bf25ad/init/init.c#L288
if !Utf8Path::new("/usr").try_exists()? && Utf8Path::new("/root/usr").try_exists()? {
tracing::debug!("Using supermin workaround");
rustix::process::chroot("/root").context("chroot")?;
}
Err(Command::new(cmd).args(args).exec()).context("exec")?
}

#[context("Querying skopeo version")]
fn require_skopeo_with_containers_storage() -> Result<()> {
let out = Task::new_cmd("skopeo --version", run_in_host_mountns("skopeo"))
Expand Down
1 change: 1 addition & 0 deletions lib/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

pub mod cli;
pub(crate) mod deploy;
pub(crate) mod hostexec;
mod lsm;
mod reboot;
mod reexec;
Expand Down
2 changes: 1 addition & 1 deletion lib/src/podman.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use anyhow::{anyhow, Result};
use serde::Deserialize;

use crate::install::run_in_host_mountns;
use crate::hostexec::run_in_host_mountns;
use crate::task::Task;

#[derive(Deserialize)]
Expand Down

0 comments on commit 619d4ac

Please sign in to comment.