From 2393b1cadf7723bfc7d69a90d6bf441d2b34ccc4 Mon Sep 17 00:00:00 2001
From: Francis Laniel
Date: Thu, 20 Jul 2023 12:04:08 +0200
Subject: [PATCH] Use simple fd field for mountEntry.

We cannot have both srcFD and idMapFD set at the same time. So, we can simplify this struct to only have one field which is used a srcFD most of the time and as idMapFD when we do an id map mount.

Signed-off-by: Francis Laniel
---
 libcontainer/rootfs_linux.go | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
index 0da300f9912..69fb6a74882 100644
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@@ -40,13 +40,12 @@ type mountConfig struct {
 // mountEntry contains mount data specific to a mount point.
 type mountEntry struct {
 *configs.Mount
- srcFD *int
- idmapFD int
+ fd *int
 }
 
 func (m *mountEntry) src() string {
- if m.srcFD != nil {
- return "/proc/self/fd/" + strconv.Itoa(*m.srcFD)
+ if m.fd != nil {
+ return "/proc/self/fd/" + strconv.Itoa(*m.fd)
 }
 return m.Source
 }
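Review bot: The new `fd` field of `mountEntry` holds two different kinds of descriptor but carries no comment saying so; I would add `// fd is the source fd of the mount, or the idmap fd when the mount is id-mapped; nil when no fd was passed.` above it. The merge also changes `src()`: it used to consult only `srcFD`, and it now returns the `/proc/self/fd/N` path whenever `fd` is set, which includes the idmap fd assigned in the `prepareRootfs` hunk. The callers of `src()` are outside this diff, so it is worth confirming that none of them runs for an id-mapped mount and still expects `m.Source`.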
@@ -86,20 +85,19 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) (
 cgroupns: config.Namespaces.Contains(configs.NEWCGROUP),
 }
 for i, m := range config.Mounts {
- entry := mountEntry{Mount: m, idmapFD: -1}
+ entry := mountEntry{Mount: m}
 // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts).
 // Therefore, we can access mountFds[i] without any concerns.
 if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 {
- entry.srcFD = &mountFds.sourceFds[i]
+ entry.fd = &mountFds.sourceFds[i]
 }
 
 // We validated before we can access idmapFds[i].
 if mountFds.idmapFds != nil && mountFds.idmapFds[i] != -1 {
- entry.idmapFD = mountFds.idmapFds[i]
- }
-
- if entry.idmapFD != -1 && entry.srcFD != nil {
- return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i)
+ if entry.fd != nil {
+ return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i)
+ }
+ entry.fd = &mountFds.idmapFds[i]
 }
 
 if err := mountToRootfs(mountConfig, entry); err != nil {
@@ -482,10 +480,10 @@ func mountToRootfs(c *mountConfig, m mountEntry) error {
 }
 
 if m.IsBind() && m.IsIDMapped() {
- if m.idmapFD == -1 {
+ if m.fd == nil {
 return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m)
 }
- if err := unix.MoveMount(m.idmapFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
+ if err := unix.MoveMount(*m.fd, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
 return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err)
 }
 
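Review bot: After this loop an entry no longer records which slice its fd came from, so the `m.fd == nil` test in the `mountToRootfs` hunk is weaker than the `m.idmapFD == -1` test it replaces. An id-mapped bind mount that arrives with only `sourceFds[i]` set used to be rejected with "idmapFD is invalid"; it now passes that test and the source fd is handed to `unix.MoveMount`. Whether the parent process can ever send that combination is not visible here, but these descriptors decide what is mounted into the container, so I would reject it while the origin is still known, in the `sourceFds` branch: `if m.IsBind() && m.IsIDMapped() { return fmt.Errorf("mount entry %v is id-mapped but has a source fd", i) }`. The old code failed on that input too, so the check does not change what is accepted.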
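Review bot: Both error messages in the `mountToRootfs` hunk format `m` with `%+v`, and with `fd` now a `*int` nested in the struct the output shows a pointer address where the old `idmapFD int` printed the descriptor number. Printing the value keeps a failed move diagnosable: `return fmt.Errorf("error on unix.MoveMount %+v (fd %d): %w", m, *m.fd, err)`. The first message also still names `idmapFD`, which is no longer a field; "idmap fd is invalid" would match the new struct. The body of `mountToRootfs` starts and ends outside this hunk.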
@@ -1106,7 +1104,7 @@ func writeSystemProperty(key, value string) error {
 func remount(m mountEntry, rootfs string) error {
 return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error {
 flags := uintptr(m.Flags | unix.MS_REMOUNT)
- err := mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "")
+ err := mountViaFDs(m.Source, m.fd, m.Destination, dstFD, m.Device, flags, "")
 if err == nil {
 return nil
 }
@@ -1121,7 +1119,7 @@ func remount(m mountEntry, rootfs string) error {
 }
 // ... and retry the mount with ro flag set.
 flags |= unix.MS_RDONLY
- return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "")
+ return mountViaFDs(m.Source, m.fd, m.Destination, dstFD, m.Device, flags, "")
 })
 }
 
@@ -1145,7 +1143,7 @@ func mountPropagate(m mountEntry, rootfs string, mountLabel string) error {
 // inside the container with WithProcfd() -- mounting through a procfd
 // mounts on the target.
 if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error {
- return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, uintptr(flags), data)
+ return mountViaFDs(m.Source, m.fd, m.Destination, dstFD, m.Device, uintptr(flags), data)
 }); err != nil {
 return err
 }