Update cap-std-ext, use new open_dir_noxdev API

I moved the code there; I plan to use open_dir_noxdev in
the tmpfiles code too which can't depend on lib/util.

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

Cargo.lock

@@ -58,7 +58,7 @@ use crate::progress_jsonl::ProgressWriter;
 use crate::spec::ImageReference;
 use crate::store::Storage;
 use crate::task::Task;
-use crate::utils::{open_dir_noxdev, sigpolicy_from_opt};
+use crate::utils::sigpolicy_from_opt;
 
 /// The toplevel boot directory
 const BOOT: &str = "boot";
@@ -1579,7 +1579,7 @@ fn remove_all_in_dir_no_xdev(d: &Dir, mount_err: bool) -> Result<()> {
         let name = entry.file_name();
         let etype = entry.file_type()?;
         if etype == FileType::dir() {
-            if let Some(subdir) = open_dir_noxdev(d, &name)? {
+            if let Some(subdir) = d.open_dir_noxdev(&name)? {
                 remove_all_in_dir_no_xdev(&subdir, mount_err)?;
                 d.remove_dir(&name)?;
             } else if mount_err {

lib/src/install.rs

@@ -314,7 +314,7 @@ fn check_utf8(dir: &Dir) -> LintResult {
                 return lint_err(format!("/{strname}: Found non-utf8 symlink target"));
             }
         } else if ifmt.is_dir() {
-            let Some(subdir) = crate::utils::open_dir_noxdev(dir, entry.file_name())? else {
+            let Some(subdir) = dir.open_dir_noxdev(entry.file_name())? else {
                 continue;
             };
             if let Err(err) = check_utf8(&subdir)? {

lib/src/lints.rs

@@ -1,7 +1,6 @@
 use std::future::Future;
 use std::io::Write;
-use std::os::fd::{AsFd, BorrowedFd, OwnedFd};
-use std::path::Path;
+use std::os::fd::BorrowedFd;
 use std::process::Command;
 use std::time::Duration;
 
@@ -17,7 +16,6 @@ use libsystemd::logging::journal_print;
 use ostree::glib;
 use ostree_ext::container::SignatureSource;
 use ostree_ext::ostree;
-use rustix::path::Arg;
 
 /// Try to look for keys injected by e.g. rpm-ostree requesting machine-local
 /// changes; if any are present, return `true`.
@@ -54,33 +52,6 @@ pub(crate) fn deployment_fd(
     sysroot_dir.open_dir(&dirpath).map_err(Into::into)
 }
 
-/// A thin wrapper for [`openat2`] but that retries on interruption.
-pub fn openat2_with_retry(
-    dirfd: impl AsFd,
-    path: impl AsRef<Path>,
-    oflags: rustix::fs::OFlags,
-    mode: rustix::fs::Mode,
-    resolve: rustix::fs::ResolveFlags,
-) -> rustix::io::Result<OwnedFd> {
-    let dirfd = dirfd.as_fd();
-    let path = path.as_ref();
-    // We loop forever on EAGAIN right now. The cap-std version loops just 4 times,
-    // which seems really arbitrary.
-    path.into_with_c_str(|path_c_str| 'start: loop {
-        match rustix::fs::openat2(dirfd, path_c_str, oflags, mode, resolve) {
-            Ok(file) => {
-                return Ok(file);
-            }
-            Err(rustix::io::Errno::AGAIN | rustix::io::Errno::INTR) => {
-                continue 'start;
-            }
-            Err(e) => {
-                return Err(e);
-            }
-        }
-    })
-}
-
 /// Given an mount option string list like foo,bar=baz,something=else,ro parse it and find
 /// the first entry like $optname=
 /// This will not match a bare `optname` without an equals.
@@ -110,25 +81,6 @@ pub(crate) fn open_dir_remount_rw(root: &Dir, target: &Utf8Path) -> Result<Dir>
     root.open_dir(target).map_err(anyhow::Error::new)
 }
 
-/// Open the target directory, but return Ok(None) if this would cross a mount point.
-pub fn open_dir_noxdev(
-    parent: &Dir,
-    path: impl AsRef<std::path::Path>,
-) -> std::io::Result<Option<Dir>> {
-    use rustix::fs::{Mode, OFlags, ResolveFlags};
-    match openat2_with_retry(
-        parent,
-        path,
-        OFlags::CLOEXEC | OFlags::DIRECTORY | OFlags::NOFOLLOW,
-        Mode::empty(),
-        ResolveFlags::NO_XDEV | ResolveFlags::BENEATH,
-    ) {
-        Ok(r) => Ok(Some(Dir::reopen_dir(&r)?)),
-        Err(e) if e == rustix::io::Errno::XDEV => Ok(None),
-        Err(e) => return Err(e.into()),
-    }
-}
-
 /// Given a target path, remove its immutability if present
 #[context("Removing immutable flag from {target}")]
 pub(crate) fn remove_immutability(root: &Dir, target: &Utf8Path) -> Result<()> {
@@ -236,8 +188,6 @@ pub(crate) fn digested_pullspec(image: &str, digest: &str) -> String {
 
 #[cfg(test)]
 mod tests {
-    use cap_std_ext::cap_std;
-
     use super::*;
 
     #[test]
@@ -273,15 +223,4 @@ mod tests {
             SignatureSource::ContainerPolicyAllowInsecure
         );
     }
-
-    #[test]
-    fn test_open_noxdev() -> Result<()> {
-        let root = Dir::open_ambient_dir("/", cap_std::ambient_authority())?;
-        // This hard requires the host setup to have /usr/bin on the same filesystem as /
-        let usr = Dir::open_ambient_dir("/usr", cap_std::ambient_authority())?;
-        assert!(open_dir_noxdev(&usr, "bin").unwrap().is_some());
-        // Requires a mounted /proc, but that also seems ane.
-        assert!(open_dir_noxdev(&root, "proc").unwrap().is_none());
-        Ok(())
-    }
 }