Ophestra
09d2844981
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m7s
Test / Hakurei (push) Successful in 3m8s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m26s
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection. Signed-off-by: Ophestra <cat@gensokyo.uk>
96 lines
2.3 KiB
Go
96 lines
2.3 KiB
Go
package container
|
|
|
|
import (
|
|
"encoding/gob"
|
|
"fmt"
|
|
"io/fs"
|
|
)
|
|
|
|
func init() { gob.Register(new(AutoRootOp)) }
|
|
|
|
// Root appends an [Op] that expands a directory into a toplevel bind mount mirror on container root.
|
|
// This is not a generic setup op. It is implemented here to reduce ipc overhead.
|
|
func (f *Ops) Root(host *Absolute, prefix string, flags int) *Ops {
|
|
*f = append(*f, &AutoRootOp{host, prefix, flags, nil})
|
|
return f
|
|
}
|
|
|
|
type AutoRootOp struct {
|
|
Host *Absolute
|
|
Prefix string
|
|
// passed through to bindMount
|
|
Flags int
|
|
|
|
// obtained during early;
|
|
// these wrap the underlying Op because BindMountOp is relatively complex,
|
|
// so duplicating that code would be unwise
|
|
resolved []Op
|
|
}
|
|
|
|
func (r *AutoRootOp) Valid() bool { return r != nil && r.Host != nil }
|
|
|
|
func (r *AutoRootOp) early(state *setupState, k syscallDispatcher) error {
|
|
if d, err := k.readdir(r.Host.String()); err != nil {
|
|
return wrapErrSelf(err)
|
|
} else {
|
|
r.resolved = make([]Op, 0, len(d))
|
|
for _, ent := range d {
|
|
name := ent.Name()
|
|
if IsAutoRootBindable(name) {
|
|
op := &BindMountOp{
|
|
Source: r.Host.Append(name),
|
|
Target: AbsFHSRoot.Append(name),
|
|
Flags: r.Flags,
|
|
}
|
|
if err = op.early(state, k); err != nil {
|
|
return err
|
|
}
|
|
r.resolved = append(r.resolved, op)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func (r *AutoRootOp) apply(state *setupState, k syscallDispatcher) error {
|
|
if state.nonrepeatable&nrAutoRoot != 0 {
|
|
return msg.WrapErr(fs.ErrInvalid, "autoroot is not repeatable")
|
|
}
|
|
state.nonrepeatable |= nrAutoRoot
|
|
|
|
for _, op := range r.resolved {
|
|
k.verbosef("%s %s", op.prefix(), op)
|
|
if err := op.apply(state, k); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (r *AutoRootOp) Is(op Op) bool {
|
|
vr, ok := op.(*AutoRootOp)
|
|
return ok && r.Valid() && vr.Valid() &&
|
|
r.Host.Is(vr.Host) &&
|
|
r.Prefix == vr.Prefix &&
|
|
r.Flags == vr.Flags
|
|
}
|
|
func (*AutoRootOp) prefix() string { return "setting up" }
|
|
func (r *AutoRootOp) String() string {
|
|
return fmt.Sprintf("auto root %q prefix %s flags %#x", r.Host, r.Prefix, r.Flags)
|
|
}
|
|
|
|
// IsAutoRootBindable returns whether a dir entry name is selected for AutoRoot.
|
|
func IsAutoRootBindable(name string) bool {
|
|
switch name {
|
|
case "proc", "dev", "tmp", "mnt", "etc":
|
|
|
|
case "": // guard against accidentally binding /
|
|
// should be unreachable
|
|
msg.Verbose("got unexpected root entry")
|
|
|
|
default:
|
|
return true
|
|
}
|
|
return false
|
|
}
|