youki/src/rootfs.rs

//! During kernel initialization, a minimal replica of the ramfs filesystem is loaded, called rootfs.
//! Most systems mount another filesystem over it

use std::fs::OpenOptions;
use std::fs::{canonicalize, create_dir_all, remove_file};
use std::os::unix::fs::symlink;
use std::path::{Path, PathBuf};

use anyhow::{bail, Context, Result};
use nix::errno::Errno;
use nix::fcntl::{open, OFlag};
use nix::mount::mount as nix_mount;
use nix::mount::MsFlags;
use nix::sys::stat::Mode;
use nix::sys::stat::{mknod, umask};
use nix::unistd::{chdir, chown, close, getcwd};
use nix::unistd::{Gid, Uid};

use crate::utils::PathBufExt;
use oci_spec::{LinuxDevice, LinuxDeviceType, Mount, Spec};

pub fn prepare_rootfs(spec: &Spec, rootfs: &Path, bind_devices: bool) -> Result<()> {
    let mut flags = MsFlags::MS_REC;

    let linux = spec.linux.as_ref().context("no linux in spec")?;
    match linux
        .rootfs_propagation
        .as_ref()
        .context("no rootfs_propagation in spec")?
        .as_str()
    {
        "shared" => flags |= MsFlags::MS_SHARED,
        "private" => flags |= MsFlags::MS_PRIVATE,
        "slave" | "" => flags |= MsFlags::MS_SLAVE,
        _ => panic!(),
    }

    nix_mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?;

    log::debug!("mount root fs {:?}", rootfs);
    nix_mount::<Path, Path, str, str>(
        Some(rootfs),
        rootfs,
        None::<&str>,
        MsFlags::MS_BIND | MsFlags::MS_REC,
        None::<&str>,
    )?;

    for m in spec.mounts.as_ref().context("no mounts in spec")?.iter() {
        let (flags, data) = parse_mount(m);
        let ml = linux
            .mount_label
            .as_ref()
            .context("no mount_label in spec")?;
        if m.typ.as_ref().context("no type in mount spec")? == "cgroup" {
            // skip
            log::warn!("A feature of cgroup is unimplemented.");
        } else if m.destination == PathBuf::from("/dev") {
            mount_to_container(m, rootfs, flags & !MsFlags::MS_RDONLY, &data, ml)?;
        } else {
            mount_to_container(m, rootfs, flags, &data, ml)?;
        }
    }

    let olddir = getcwd()?;
    chdir(rootfs)?;

    setup_default_symlinks(rootfs)?;
    create_devices(
        linux.devices.as_ref().context("no devices in spec")?,
        bind_devices,
    )?;
    setup_ptmx(rootfs)?;

    chdir(&olddir)?;

    Ok(())
}

fn setup_ptmx(rootfs: &Path) -> Result<()> {
    if let Err(e) = remove_file(rootfs.join("dev/ptmx")) {
        if e.kind() != ::std::io::ErrorKind::NotFound {
            bail!("could not delete /dev/ptmx")
        }
    }
    symlink("pts/ptmx", rootfs.join("dev/ptmx"))?;
    Ok(())
}

fn setup_default_symlinks(rootfs: &Path) -> Result<()> {
    if Path::new("/proc/kcore").exists() {
        symlink("/proc/kcore", "dev/kcore")?;
    }

    let defaults = [
        ("/proc/self/fd", "dev/fd"),
        ("/proc/self/fd/0", "dev/stdin"),
        ("/proc/self/fd/1", "dev/stdout"),
        ("/proc/self/fd/2", "dev/stderr"),
    ];
    for &(src, dst) in defaults.iter() {
        symlink(src, rootfs.join(dst))?;
    }
    Ok(())
}

pub fn default_devices() -> Vec<LinuxDevice> {
    vec![
        LinuxDevice {
            path: PathBuf::from("/dev/null"),
            typ: LinuxDeviceType::C,
            major: 1,
            minor: 3,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
        LinuxDevice {
            path: PathBuf::from("/dev/zero"),
            typ: LinuxDeviceType::C,
            major: 1,
            minor: 5,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
        LinuxDevice {
            path: PathBuf::from("/dev/full"),
            typ: LinuxDeviceType::C,
            major: 1,
            minor: 7,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
        LinuxDevice {
            path: PathBuf::from("/dev/tty"),
            typ: LinuxDeviceType::C,
            major: 5,
            minor: 0,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
        LinuxDevice {
            path: PathBuf::from("/dev/urandom"),
            typ: LinuxDeviceType::C,
            major: 1,
            minor: 9,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
        LinuxDevice {
            path: PathBuf::from("/dev/random"),
            typ: LinuxDeviceType::C,
            major: 1,
            minor: 8,
            file_mode: Some(0o066),
            uid: None,
            gid: None,
        },
    ]
}

fn create_devices(devices: &[LinuxDevice], bind: bool) -> Result<()> {
    let old_mode = umask(Mode::from_bits_truncate(0o000));
    if bind {
        let _ = default_devices()
            .iter()
            .chain(devices)
            .map(|dev| {
                if !dev.path.starts_with("/dev") {
                    panic!("{} is not a valid device path", dev.path.display());
                }
                bind_dev(dev)
            })
            .collect::<Result<Vec<_>>>()?;
    } else {
        default_devices()
            .iter()
            .chain(devices)
            .map(|dev| {
                if !dev.path.starts_with("/dev") {
                    panic!("{} is not a valid device path", dev.path.display());
                }
                mknod_dev(dev)
            })
            .collect::<Result<Vec<_>>>()?;
    }
    umask(old_mode);
    Ok(())
}

fn bind_dev(dev: &LinuxDevice) -> Result<()> {
    let fd = open(
        &dev.path.as_in_container()?,
        OFlag::O_RDWR | OFlag::O_CREAT,
        Mode::from_bits_truncate(0o644),
    )?;
    close(fd)?;
    nix_mount(
        Some(&*dev.path.as_in_container()?),
        &dev.path,
        None::<&str>,
        MsFlags::MS_BIND,
        None::<&str>,
    )?;
    Ok(())
}

fn mknod_dev(dev: &LinuxDevice) -> Result<()> {
    fn makedev(major: i64, minor: i64) -> u64 {
        ((minor & 0xff)
            | ((major & 0xfff) << 8)
            | ((minor & !0xff) << 12)
            | ((major & !0xfff) << 32)) as u64
    }

    mknod(
        &dev.path.as_in_container()?,
        dev.typ.to_sflag()?,
        Mode::from_bits_truncate(dev.file_mode.unwrap_or(0)),
        makedev(dev.major, dev.minor),
    )?;
    chown(
        &dev.path.as_in_container()?,
        dev.uid.map(Uid::from_raw),
        dev.gid.map(Gid::from_raw),
    )?;
    Ok(())
}

fn mount_to_container(
    m: &Mount,
    rootfs: &Path,
    flags: MsFlags,
    data: &str,
    label: &str,
) -> Result<()> {
    let typ = m.typ.as_ref().context("no type in mount spec")?;
    let d = if !label.is_empty() && typ != "proc" && typ != "sysfs" {
        if data.is_empty() {
            format!("context=\"{}\"", label)
        } else {
            format!("{},context=\"{}\"", data, label)
        }
    } else {
        data.to_string()
    };

    let dest_for_host = format!(
        "{}{}",
        rootfs.to_string_lossy().into_owned(),
        m.destination.display()
    );
    let dest = Path::new(&dest_for_host);

    let source = &m.source.as_ref().context("no source in mount spec")?;
    let src = if typ == "bind" {
        let src = canonicalize(source)?;
        let dir = if src.is_file() {
            Path::new(&dest).parent().unwrap()
        } else {
            Path::new(&dest)
        };
        create_dir_all(&dir).unwrap();
        if src.is_file() {
            OpenOptions::new()
                .create(true)
                .write(true)
                .open(&dest)
                .unwrap();
        }
        src
    } else {
        create_dir_all(&dest).unwrap();
        PathBuf::from(source)
    };

    if let Err(errno) = nix_mount(Some(&*src), dest, Some(&*typ.as_str()), flags, Some(&*d)) {
        if !matches!(errno, Errno::EINVAL) {
            bail!("mount of {} failed", m.destination.display());
        }
        nix_mount(Some(&*src), dest, Some(&*typ.as_str()), flags, Some(data))?;
    }
    if flags.contains(MsFlags::MS_BIND)
        && flags.intersects(
            !(MsFlags::MS_REC
                | MsFlags::MS_REMOUNT
                | MsFlags::MS_BIND
                | MsFlags::MS_PRIVATE
                | MsFlags::MS_SHARED
                | MsFlags::MS_SLAVE),
        )
    {
        nix_mount(
            Some(&*dest),
            &*dest,
            None::<&str>,
            flags | MsFlags::MS_REMOUNT,
            None::<&str>,
        )?;
    }
    Ok(())
}

fn parse_mount(m: &Mount) -> (MsFlags, String) {
    let mut flags = MsFlags::empty();
    let mut data = Vec::new();
    if let Some(options) = &m.options {
        for s in options {
            if let Some((is_clear, flag)) = match s.as_str() {
                "defaults" => Some((false, MsFlags::empty())),
                "ro" => Some((false, MsFlags::MS_RDONLY)),
                "rw" => Some((true, MsFlags::MS_RDONLY)),
                "suid" => Some((true, MsFlags::MS_NOSUID)),
                "nosuid" => Some((false, MsFlags::MS_NOSUID)),
                "dev" => Some((true, MsFlags::MS_NODEV)),
                "nodev" => Some((false, MsFlags::MS_NODEV)),
                "exec" => Some((true, MsFlags::MS_NOEXEC)),
                "noexec" => Some((false, MsFlags::MS_NOEXEC)),
                "sync" => Some((false, MsFlags::MS_SYNCHRONOUS)),
                "async" => Some((true, MsFlags::MS_SYNCHRONOUS)),
                "dirsync" => Some((false, MsFlags::MS_DIRSYNC)),
                "remount" => Some((false, MsFlags::MS_REMOUNT)),
                "mand" => Some((false, MsFlags::MS_MANDLOCK)),
                "nomand" => Some((true, MsFlags::MS_MANDLOCK)),
                "atime" => Some((true, MsFlags::MS_NOATIME)),
                "noatime" => Some((false, MsFlags::MS_NOATIME)),
                "diratime" => Some((true, MsFlags::MS_NODIRATIME)),
                "nodiratime" => Some((false, MsFlags::MS_NODIRATIME)),
                "bind" => Some((false, MsFlags::MS_BIND)),
                "rbind" => Some((false, MsFlags::MS_BIND | MsFlags::MS_REC)),
                "unbindable" => Some((false, MsFlags::MS_UNBINDABLE)),
                "runbindable" => Some((false, MsFlags::MS_UNBINDABLE | MsFlags::MS_REC)),
                "private" => Some((false, MsFlags::MS_PRIVATE)),
                "rprivate" => Some((false, MsFlags::MS_PRIVATE | MsFlags::MS_REC)),
                "shared" => Some((false, MsFlags::MS_SHARED)),
                "rshared" => Some((false, MsFlags::MS_SHARED | MsFlags::MS_REC)),
                "slave" => Some((false, MsFlags::MS_SLAVE)),
                "rslave" => Some((false, MsFlags::MS_SLAVE | MsFlags::MS_REC)),
                "relatime" => Some((false, MsFlags::MS_RELATIME)),
                "norelatime" => Some((true, MsFlags::MS_RELATIME)),
                "strictatime" => Some((false, MsFlags::MS_STRICTATIME)),
                "nostrictatime" => Some((true, MsFlags::MS_STRICTATIME)),
                _ => None,
            } {
                if is_clear {
                    flags &= !flag;
                } else {
                    flags |= flag;
                }
            } else {
                data.push(s.as_str());
            };
        }
    }
    (flags, data.join(","))
}
Added doc comments for modules 2021-06-06 13:33:51 +02:00			`//! During kernel initialization, a minimal replica of the ramfs filesystem is loaded, called rootfs.`
			`//! Most systems mount another filesystem over it`

first commit! 2021-03-27 12:08:13 +01:00			`use std::fs::OpenOptions;`
			`use std::fs::{canonicalize, create_dir_all, remove_file};`
			`use std::os::unix::fs::symlink;`
			`use std::path::{Path, PathBuf};`

Generalize OCI spec root We now generalize and document the OCI `Spec` root structure. This means that some fields have been added and other are now optional. All corresponding usages of the new spec format have been changed and tests have been adapted. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-07-30 12:40:45 +02:00			`use anyhow::{bail, Context, Result};`
first commit! 2021-03-27 12:08:13 +01:00			`use nix::errno::Errno;`
			`use nix::fcntl::{open, OFlag};`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`use nix::mount::mount as nix_mount;`
introduce a command trait to enable unit testing. 2021-05-01 10:06:50 +02:00			`use nix::mount::MsFlags;`
organize functions in the rootfs file. 2021-04-07 14:28:19 +02:00			`use nix::sys::stat::Mode;`
first commit! 2021-03-27 12:08:13 +01:00			`use nix::sys::stat::{mknod, umask};`
introduce a command trait to enable unit testing. 2021-05-01 10:06:50 +02:00			`use nix::unistd::{chdir, chown, close, getcwd};`
first commit! 2021-03-27 12:08:13 +01:00			`use nix::unistd::{Gid, Uid};`

implement the extension trait to convert absolutly path to the path in container. 2021-04-07 14:07:01 +02:00			`use crate::utils::PathBufExt;`
Formatting only 2021-05-29 17:15:16 +02:00			`use oci_spec::{LinuxDevice, LinuxDeviceType, Mount, Spec};`
first commit! 2021-03-27 12:08:13 +01:00
revert asynchronous devices mounting. 2021-05-28 01:37:24 +02:00			`pub fn prepare_rootfs(spec: &Spec, rootfs: &Path, bind_devices: bool) -> Result<()> {`
first commit! 2021-03-27 12:08:13 +01:00			`let mut flags = MsFlags::MS_REC;`
Converted linux in spec from Option<Linux> to Linux As Linux has Deafult trait, all occurrences of spec.linux would always unwrap it, and not having linux present is a fetal error in youki, there is no need to keep it in an Option wrapper. 2021-07-24 06:33:49 +02:00
Generalize OCI spec root We now generalize and document the OCI `Spec` root structure. This means that some fields have been added and other are now optional. All corresponding usages of the new spec format have been changed and tests have been adapted. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-07-30 12:40:45 +02:00			`let linux = spec.linux.as_ref().context("no linux in spec")?;`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`match linux`
			`.rootfs_propagation`
			`.as_ref()`
			`.context("no rootfs_propagation in spec")?`
			`.as_str()`
			`{`
Converted linux in spec from Option<Linux> to Linux As Linux has Deafult trait, all occurrences of spec.linux would always unwrap it, and not having linux present is a fetal error in youki, there is no need to keep it in an Option wrapper. 2021-07-24 06:33:49 +02:00			`"shared" => flags \|= MsFlags::MS_SHARED,`
			`"private" => flags \|= MsFlags::MS_PRIVATE,`
			`"slave" \| "" => flags \|= MsFlags::MS_SLAVE,`
			`_ => panic!(),`
			`}`

traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`nix_mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?;`
first commit! 2021-03-27 12:08:13 +01:00
			`log::debug!("mount root fs {:?}", rootfs);`
revert asynchronous devices mounting. 2021-05-28 01:37:24 +02:00			`nix_mount::<Path, Path, str, str>(`
fix the warnings found by cargo clippy. 2021-08-01 12:12:49 +02:00			`Some(rootfs),`
			`rootfs,`
first commit! 2021-03-27 12:08:13 +01:00			`None::<&str>,`
			`MsFlags::MS_BIND \| MsFlags::MS_REC,`
			`None::<&str>,`
			`)?;`

Generalize OCI spec root We now generalize and document the OCI `Spec` root structure. This means that some fields have been added and other are now optional. All corresponding usages of the new spec format have been changed and tests have been adapted. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-07-30 12:40:45 +02:00			`for m in spec.mounts.as_ref().context("no mounts in spec")?.iter() {`
fix the warnings found by cargo clippy. 2021-08-01 12:12:49 +02:00			`let (flags, data) = parse_mount(m);`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`let ml = linux`
			`.mount_label`
			`.as_ref()`
			`.context("no mount_label in spec")?;`
			`if m.typ.as_ref().context("no type in mount spec")? == "cgroup" {`
first commit! 2021-03-27 12:08:13 +01:00			`// skip`
Fixed spelling mistake in src/rootfs.rs 2021-06-06 10:15:35 +02:00			`log::warn!("A feature of cgroup is unimplemented.");`
first commit! 2021-03-27 12:08:13 +01:00			`} else if m.destination == PathBuf::from("/dev") {`
fix the warnings found by cargo clippy. 2021-08-01 12:12:49 +02:00			`mount_to_container(m, rootfs, flags & !MsFlags::MS_RDONLY, &data, ml)?;`
first commit! 2021-03-27 12:08:13 +01:00			`} else {`
fix the warnings found by cargo clippy. 2021-08-01 12:12:49 +02:00			`mount_to_container(m, rootfs, flags, &data, ml)?;`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`}`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00
first commit! 2021-03-27 12:08:13 +01:00			`let olddir = getcwd()?;`
revert asynchronous devices mounting. 2021-05-28 01:37:24 +02:00			`chdir(rootfs)?;`
first commit! 2021-03-27 12:08:13 +01:00
revert asynchronous devices mounting. 2021-05-28 01:37:24 +02:00			`setup_default_symlinks(rootfs)?;`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`create_devices(`
			`linux.devices.as_ref().context("no devices in spec")?,`
			`bind_devices,`
			`)?;`
revert asynchronous devices mounting. 2021-05-28 01:37:24 +02:00			`setup_ptmx(rootfs)?;`
first commit! 2021-03-27 12:08:13 +01:00
			`chdir(&olddir)?;`

			`Ok(())`
			`}`

traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`fn setup_ptmx(rootfs: &Path) -> Result<()> {`
first commit! 2021-03-27 12:08:13 +01:00			`if let Err(e) = remove_file(rootfs.join("dev/ptmx")) {`
			`if e.kind() != ::std::io::ErrorKind::NotFound {`
make mount using async. 2021-03-30 15:04:03 +02:00			`bail!("could not delete /dev/ptmx")`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`}`
			`symlink("pts/ptmx", rootfs.join("dev/ptmx"))?;`
			`Ok(())`
			`}`

fix the warnings that teaching by the clippy. 2021-04-05 15:57:30 +02:00			`fn setup_default_symlinks(rootfs: &Path) -> Result<()> {`
first commit! 2021-03-27 12:08:13 +01:00			`if Path::new("/proc/kcore").exists() {`
			`symlink("/proc/kcore", "dev/kcore")?;`
			`}`

			`let defaults = [`
			`("/proc/self/fd", "dev/fd"),`
			`("/proc/self/fd/0", "dev/stdin"),`
			`("/proc/self/fd/1", "dev/stdout"),`
			`("/proc/self/fd/2", "dev/stderr"),`
			`];`
			`for &(src, dst) in defaults.iter() {`
			`symlink(src, rootfs.join(dst))?;`
			`}`
			`Ok(())`
			`}`

implement the access limit of devices using cgroups. 2021-04-11 15:01:14 +02:00			`pub fn default_devices() -> Vec<LinuxDevice> {`
			`vec![`
organize functions in the rootfs file. 2021-04-07 14:28:19 +02:00			`LinuxDevice {`
			`path: PathBuf::from("/dev/null"),`
			`typ: LinuxDeviceType::C,`
			`major: 1,`
			`minor: 3,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`LinuxDevice {`
			`path: PathBuf::from("/dev/zero"),`
			`typ: LinuxDeviceType::C,`
			`major: 1,`
			`minor: 5,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`LinuxDevice {`
			`path: PathBuf::from("/dev/full"),`
			`typ: LinuxDeviceType::C,`
			`major: 1,`
			`minor: 7,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`LinuxDevice {`
			`path: PathBuf::from("/dev/tty"),`
			`typ: LinuxDeviceType::C,`
			`major: 5,`
			`minor: 0,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`LinuxDevice {`
			`path: PathBuf::from("/dev/urandom"),`
			`typ: LinuxDeviceType::C,`
			`major: 1,`
			`minor: 9,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`LinuxDevice {`
			`path: PathBuf::from("/dev/random"),`
			`typ: LinuxDeviceType::C,`
			`major: 1,`
			`minor: 8,`
			`file_mode: Some(0o066),`
			`uid: None,`
			`gid: None,`
			`},`
			`]`
			`}`

revert async/await because it was unstable. 2021-05-15 09:35:31 +02:00			`fn create_devices(devices: &[LinuxDevice], bind: bool) -> Result<()> {`
first commit! 2021-03-27 12:08:13 +01:00			`let old_mode = umask(Mode::from_bits_truncate(0o000));`
			`if bind {`
revert async/await because it was unstable. 2021-05-15 09:35:31 +02:00			`let _ = default_devices()`
			`.iter()`
			`.chain(devices)`
			`.map(\|dev\| {`
			`if !dev.path.starts_with("/dev") {`
			`panic!("{} is not a valid device path", dev.path.display());`
			`}`
			`bind_dev(dev)`
			`})`
			`.collect::<Result<Vec<_>>>()?;`
first commit! 2021-03-27 12:08:13 +01:00			`} else {`
revert async/await because it was unstable. 2021-05-15 09:35:31 +02:00			`default_devices()`
			`.iter()`
			`.chain(devices)`
			`.map(\|dev\| {`
			`if !dev.path.starts_with("/dev") {`
			`panic!("{} is not a valid device path", dev.path.display());`
			`}`
			`mknod_dev(dev)`
			`})`
			`.collect::<Result<Vec<_>>>()?;`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`umask(old_mode);`
			`Ok(())`
			`}`

revert async/await because it was unstable. 2021-05-15 09:35:31 +02:00			`fn bind_dev(dev: &LinuxDevice) -> Result<()> {`
first commit! 2021-03-27 12:08:13 +01:00			`let fd = open(`
implement the extension trait to convert absolutly path to the path in container. 2021-04-07 14:07:01 +02:00			`&dev.path.as_in_container()?,`
first commit! 2021-03-27 12:08:13 +01:00			`OFlag::O_RDWR \| OFlag::O_CREAT,`
			`Mode::from_bits_truncate(0o644),`
			`)?;`
			`close(fd)?;`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`nix_mount(`
implement the extension trait to convert absolutly path to the path in container. 2021-04-07 14:07:01 +02:00			`Some(&*dev.path.as_in_container()?),`
			`&dev.path,`
first commit! 2021-03-27 12:08:13 +01:00			`None::<&str>,`
			`MsFlags::MS_BIND,`
			`None::<&str>,`
			`)?;`
			`Ok(())`
			`}`

revert async/await because it was unstable. 2021-05-15 09:35:31 +02:00			`fn mknod_dev(dev: &LinuxDevice) -> Result<()> {`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`fn makedev(major: i64, minor: i64) -> u64 {`
			`((minor & 0xff)`
			`\| ((major & 0xfff) << 8)`
			`\| ((minor & !0xff) << 12)`
			`\| ((major & !0xfff) << 32)) as u64`
first commit! 2021-03-27 12:08:13 +01:00			`}`

			`mknod(`
implement the extension trait to convert absolutly path to the path in container. 2021-04-07 14:07:01 +02:00			`&dev.path.as_in_container()?,`
organize functions in the rootfs file. 2021-04-07 14:28:19 +02:00			`dev.typ.to_sflag()?,`
first commit! 2021-03-27 12:08:13 +01:00			`Mode::from_bits_truncate(dev.file_mode.unwrap_or(0)),`
			`makedev(dev.major, dev.minor),`
			`)?;`
			`chown(`
implement the extension trait to convert absolutly path to the path in container. 2021-04-07 14:07:01 +02:00			`&dev.path.as_in_container()?,`
first commit! 2021-03-27 12:08:13 +01:00			`dev.uid.map(Uid::from_raw),`
			`dev.gid.map(Gid::from_raw),`
			`)?;`
			`Ok(())`
			`}`

traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`fn mount_to_container(`
			`m: &Mount,`
fix the warnings that teaching by the clippy. 2021-04-05 15:57:30 +02:00			`rootfs: &Path,`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`flags: MsFlags,`
			`data: &str,`
			`label: &str,`
			`) -> Result<()> {`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`let typ = m.typ.as_ref().context("no type in mount spec")?;`
			`let d = if !label.is_empty() && typ != "proc" && typ != "sysfs" {`
first commit! 2021-03-27 12:08:13 +01:00			`if data.is_empty() {`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`format!("context=\"{}\"", label)`
first commit! 2021-03-27 12:08:13 +01:00			`} else {`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`format!("{},context=\"{}\"", data, label)`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`} else {`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`data.to_string()`
			`};`
first commit! 2021-03-27 12:08:13 +01:00
			`let dest_for_host = format!(`
			`"{}{}",`
			`rootfs.to_string_lossy().into_owned(),`
			`m.destination.display()`
			`);`
			`let dest = Path::new(&dest_for_host);`

Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`let source = &m.source.as_ref().context("no source in mount spec")?;`
			`let src = if typ == "bind" {`
			`let src = canonicalize(source)?;`
first commit! 2021-03-27 12:08:13 +01:00			`let dir = if src.is_file() {`
			`Path::new(&dest).parent().unwrap()`
			`} else {`
			`Path::new(&dest)`
			`};`
			`create_dir_all(&dir).unwrap();`
			`if src.is_file() {`
			`OpenOptions::new()`
			`.create(true)`
			`.write(true)`
			`.open(&dest)`
			`.unwrap();`
			`}`
			`src`
			`} else {`
			`create_dir_all(&dest).unwrap();`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`PathBuf::from(source)`
first commit! 2021-03-27 12:08:13 +01:00			`};`

Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`if let Err(errno) = nix_mount(Some(&src), dest, Some(&typ.as_str()), flags, Some(&*d)) {`
bump up to nix-0.22.0 2021-07-27 10:19:55 +02:00			`if !matches!(errno, Errno::EINVAL) {`
make mount using async. 2021-03-30 15:04:03 +02:00			`bail!("mount of {} failed", m.destination.display());`
first commit! 2021-03-27 12:08:13 +01:00			`}`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`nix_mount(Some(&src), dest, Some(&typ.as_str()), flags, Some(data))?;`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`if flags.contains(MsFlags::MS_BIND)`
			`&& flags.intersects(`
			`!(MsFlags::MS_REC`
			`\| MsFlags::MS_REMOUNT`
			`\| MsFlags::MS_BIND`
			`\| MsFlags::MS_PRIVATE`
			`\| MsFlags::MS_SHARED`
			`\| MsFlags::MS_SLAVE),`
			`)`
			`{`
traial implementation of async/await. 2021-03-31 15:53:23 +02:00			`nix_mount(`
first commit! 2021-03-27 12:08:13 +01:00			`Some(&*dest),`
			`&*dest,`
			`None::<&str>,`
			`flags \| MsFlags::MS_REMOUNT,`
			`None::<&str>,`
			`)?;`
			`}`
			`Ok(())`
			`}`

			`fn parse_mount(m: &Mount) -> (MsFlags, String) {`
			`let mut flags = MsFlags::empty();`
			`let mut data = Vec::new();`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`if let Some(options) = &m.options {`
			`for s in options {`
			`if let Some((is_clear, flag)) = match s.as_str() {`
			`"defaults" => Some((false, MsFlags::empty())),`
			`"ro" => Some((false, MsFlags::MS_RDONLY)),`
			`"rw" => Some((true, MsFlags::MS_RDONLY)),`
			`"suid" => Some((true, MsFlags::MS_NOSUID)),`
			`"nosuid" => Some((false, MsFlags::MS_NOSUID)),`
			`"dev" => Some((true, MsFlags::MS_NODEV)),`
			`"nodev" => Some((false, MsFlags::MS_NODEV)),`
			`"exec" => Some((true, MsFlags::MS_NOEXEC)),`
			`"noexec" => Some((false, MsFlags::MS_NOEXEC)),`
			`"sync" => Some((false, MsFlags::MS_SYNCHRONOUS)),`
			`"async" => Some((true, MsFlags::MS_SYNCHRONOUS)),`
			`"dirsync" => Some((false, MsFlags::MS_DIRSYNC)),`
			`"remount" => Some((false, MsFlags::MS_REMOUNT)),`
			`"mand" => Some((false, MsFlags::MS_MANDLOCK)),`
			`"nomand" => Some((true, MsFlags::MS_MANDLOCK)),`
			`"atime" => Some((true, MsFlags::MS_NOATIME)),`
			`"noatime" => Some((false, MsFlags::MS_NOATIME)),`
			`"diratime" => Some((true, MsFlags::MS_NODIRATIME)),`
			`"nodiratime" => Some((false, MsFlags::MS_NODIRATIME)),`
			`"bind" => Some((false, MsFlags::MS_BIND)),`
			`"rbind" => Some((false, MsFlags::MS_BIND \| MsFlags::MS_REC)),`
			`"unbindable" => Some((false, MsFlags::MS_UNBINDABLE)),`
			`"runbindable" => Some((false, MsFlags::MS_UNBINDABLE \| MsFlags::MS_REC)),`
			`"private" => Some((false, MsFlags::MS_PRIVATE)),`
			`"rprivate" => Some((false, MsFlags::MS_PRIVATE \| MsFlags::MS_REC)),`
			`"shared" => Some((false, MsFlags::MS_SHARED)),`
			`"rshared" => Some((false, MsFlags::MS_SHARED \| MsFlags::MS_REC)),`
			`"slave" => Some((false, MsFlags::MS_SLAVE)),`
			`"rslave" => Some((false, MsFlags::MS_SLAVE \| MsFlags::MS_REC)),`
			`"relatime" => Some((false, MsFlags::MS_RELATIME)),`
			`"norelatime" => Some((true, MsFlags::MS_RELATIME)),`
			`"strictatime" => Some((false, MsFlags::MS_STRICTATIME)),`
			`"nostrictatime" => Some((true, MsFlags::MS_STRICTATIME)),`
			`_ => None,`
			`} {`
			`if is_clear {`
			`flags &= !flag;`
			`} else {`
			`flags \|= flag;`
			`}`
first commit! 2021-03-27 12:08:13 +01:00			`} else {`
Make optional types optional This adds a few missing types and synchronizes them with the implementation in containrs. Optional types are now not required any more which means that all necessary code paths in youki needs to be adapted as well. Signed-off-by: Sascha Grunert <sgrunert@redhat.com> 2021-08-04 13:41:00 +02:00			`data.push(s.as_str());`
			`};`
			`}`
first commit! 2021-03-27 12:08:13 +01:00			`}`
			`(flags, data.join(","))`
			`}`