bootstrap: delay the buildroot-in-bootstrap recursive mount

We need to make sure that all buildroot mountpoints that need to be visible from within the bootstrap chroot are mounted first, before we do the "grand" buildroot-in-bootstrap recursive mountpoint. Then all the sub-mounts are visible on both places. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2166028 Closes: #1040
rpm-software-management · May 15, 2023 · 22c8fdc · 22c8fdc
1 parent bab8f81
commit 22c8fdc
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 3 deletions.
diff --git a/mock/py/mock.py b/mock/py/mock.py
@@ -794,12 +794,12 @@ def main():
         inner_mount = bootstrap_buildroot.make_chroot_path(buildroot.make_chroot_path())
 
         # Hide re-mounted chroot from host by private tmpfs.
-        buildroot.mounts.managed_mounts.append(
+        buildroot.mounts.bootstrap_mounts.append(
             FileSystemMountPoint(filetype='tmpfs',
                                  device='hide_root_in_bootstrap',
                                  path=inner_mount,
                                  options="private"))
-        buildroot.mounts.managed_mounts.append(
+        buildroot.mounts.bootstrap_mounts.append(
             BindMountPoint(buildroot.make_chroot_path(), inner_mount,
                            recursive=True, options="private"))
 

diff --git a/mock/py/mockbuild/buildroot.py b/mock/py/mockbuild/buildroot.py
@@ -257,7 +257,9 @@ def doOutChroot(self, command, *args, **kwargs):
         on host.  Return (output, exit_status) tuple.
         """
         if self.bootstrap_buildroot:
-            return self.bootstrap_buildroot.doChroot(command, *args, **kwargs)
+            with self.mounts.buildroot_in_bootstrap_mounted():
+                return self.bootstrap_buildroot.doChroot(command, *args, **kwargs)
+
         return util.do_with_status(command, *args, **kwargs)
 
     def doChroot(self, command, nosync=False, *args, **kargs):

diff --git a/mock/py/mockbuild/mounts.py b/mock/py/mockbuild/mounts.py
@@ -4,6 +4,7 @@
 import grp
 import os
 import os.path
+from contextlib import contextmanager
 
 from . import file_util
 from . import exception
@@ -146,6 +147,7 @@ def __init__(self, rootObj):
         self.essential_mounts = [] # /proc, /sys ... normally managed by systemd
         self.managed_mounts = []  # mounts owned by mock
         self.user_mounts = []  # mounts injected by user
+        self.bootstrap_mounts = []
 
         # Instead of mounting a fresh procfs and sysfs, we bind mount /proc
         # and /sys. This avoids problems with kernel restrictions if running
@@ -228,6 +230,26 @@ def mountall_essential(self):
         for m in self.essential_mounts:
             m.mount()
 
+    @traceLog()
+    def mount_bootstrap(self):
+        with self.rootObj.uid_manager.elevated_privileges():
+            for m in self.bootstrap_mounts:
+                m.mount()
+
+    @traceLog()
+    def umount_bootstrap(self):
+        with self.rootObj.uid_manager.elevated_privileges():
+            for m in reversed(self.bootstrap_mounts):
+                m.umount()
+
+    @contextmanager
+    def buildroot_in_bootstrap_mounted(self):
+        self.mount_bootstrap()
+        try:
+            yield
+        finally:
+            self.umount_bootstrap()
+
     @traceLog()
     def mountall_managed(self):
         if not util.USE_NSPAWN:

diff --git a/mock/py/mockbuild/package_manager.py b/mock/py/mockbuild/package_manager.py
@@ -221,6 +221,9 @@ def execute(self, *args, **kwargs):
         if not self.buildroot.mounts.essential_mounted:
             self.buildroot.mounts.mountall_essential()
             pm_umount = True
+
+        self.buildroot.mounts.mount_bootstrap()
+
         # intentionally we do not call bootstrap hook here - it does not have sense
         env = self.config['environment'].copy()
         env.update(util.get_proxy_environment(self.config))
@@ -268,6 +271,8 @@ def execute(self, *args, **kwargs):
             except Error as e:
                 error = YumError(str(e))
 
+        self.buildroot.mounts.umount_bootstrap()
+
         if pm_umount:
             self.buildroot.mounts.umountall_essential()
 

diff --git a/mock/py/mockbuild/uid.py b/mock/py/mockbuild/uid.py
@@ -11,6 +11,7 @@
 import os
 import pwd
 from concurrent.futures import ProcessPoolExecutor
+from contextlib import contextmanager
 
 from .trace_decorator import traceLog
 
@@ -60,6 +61,15 @@ def __enter__(self):
     def __exit__(self, exc_type, exc_val, exc_tb):
         self.restorePrivs()
 
+    @contextmanager
+    def elevated_privileges(self):
+        self._push()
+        self._elevatePrivs()
+        try:
+            yield
+        finally:
+            self.restorePrivs()
+
     @traceLog()
     def becomeUser(self, uid, gid=-1):
         # save current ruid, euid, rgid, egid