Split out a hostexec module

cgwalters · jeckersb · commit 7517d6839be1 · 2024-06-05T09:01:14.000-04:00
We'll use this even in cases where we don't have the `install`
feature.

Signed-off-by: Colin Walters &lt;walters@verbum.org&gt;
diff --git a/lib/src/blockdev.rs b/lib/src/blockdev.rs
@@ -1,4 +1,4 @@
-use crate::install::run_in_host_mountns;
+use crate::hostexec::run_in_host_mountns;
 use crate::task::Task;
 use anyhow::{anyhow, Context, Result};
 use camino::{Utf8Path, Utf8PathBuf};
diff --git a/lib/src/cli.rs b/lib/src/cli.rs
@@ -674,7 +674,7 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
         },
         #[cfg(feature = "install")]
         Opt::ExecInHostMountNamespace { args } => {
-            crate::install::exec_in_host_mountns(args.as_slice())
+            crate::hostexec::exec_in_host_mountns(args.as_slice())
         }
         Opt::Status(opts) => super::status::status(opts).await,
         Opt::Internals(opts) => match opts {
diff --git a/lib/src/hostexec.rs b/lib/src/hostexec.rs
@@ -0,0 +1,38 @@
+//! Run a command in the host mount namespace
+
+use std::os::fd::AsFd;
+use std::os::unix::process::CommandExt;
+use std::process::Command;
+
+use anyhow::{Context, Result};
+use camino::Utf8Path;
+use fn_error_context::context;
+
+/// Run a command in the host mount namespace
+pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
+    let mut c = Command::new("/proc/self/exe");
+    c.args(["exec-in-host-mount-namespace", cmd]);
+    c
+}
+
+#[context("Re-exec in host mountns")]
+pub(crate) fn exec_in_host_mountns(args: &[std::ffi::OsString]) -> Result<()> {
+    let (cmd, args) = args
+        .split_first()
+        .ok_or_else(|| anyhow::anyhow!("Missing command"))?;
+    tracing::trace!("{cmd:?} {args:?}");
+    let pid1mountns = std::fs::File::open("/proc/1/ns/mnt").context("open pid1 mountns")?;
+    nix::sched::setns(pid1mountns.as_fd(), nix::sched::CloneFlags::CLONE_NEWNS).context("setns")?;
+    rustix::process::chdir("/").context("chdir")?;
+    // Work around supermin doing chroot() and not pivot_root
+    // https://github.com/libguestfs/supermin/blob/5230e2c3cd07e82bd6431e871e239f7056bf25ad/init/init.c#L288
+    if !Utf8Path::new("/usr").try_exists().context("/usr")?
+        && Utf8Path::new("/root/usr")
+            .try_exists()
+            .context("/root/usr")?
+    {
+        tracing::debug!("Using supermin workaround");
+        rustix::process::chroot("/root").context("chroot")?;
+    }
+    Err(Command::new(cmd).args(args).exec()).context("exec")?
+}
diff --git a/lib/src/install.rs b/lib/src/install.rs
@@ -12,9 +12,7 @@ pub(crate) mod osconfig;
 
 use std::io::Write;
 use std::os::fd::AsFd;
-use std::os::unix::process::CommandExt;
 use std::path::Path;
-use std::process::Command;
 use std::str::FromStr;
 use std::sync::Arc;
 use std::time::Duration;
@@ -40,6 +38,7 @@ use serde::{Deserialize, Serialize};
 
 use self::baseline::InstallBlockDeviceOpts;
 use crate::containerenv::ContainerExecutionInfo;
+use crate::hostexec::run_in_host_mountns;
 use crate::mount::Filesystem;
 use crate::task::Task;
 use crate::utils::sigpolicy_from_opts;
@@ -727,35 +726,6 @@ async fn initialize_ostree_root_from_self(
     Ok(aleph)
 }
 
-/// Run a command in the host mount namespace
-pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
-    let mut c = Command::new("/proc/self/exe");
-    c.args(["exec-in-host-mount-namespace", cmd]);
-    c
-}
-
-#[context("Re-exec in host mountns")]
-pub(crate) fn exec_in_host_mountns(args: &[std::ffi::OsString]) -> Result<()> {
-    let (cmd, args) = args
-        .split_first()
-        .ok_or_else(|| anyhow::anyhow!("Missing command"))?;
-    tracing::trace!("{cmd:?} {args:?}");
-    let pid1mountns = std::fs::File::open("/proc/1/ns/mnt").context("open pid1 mountns")?;
-    nix::sched::setns(pid1mountns.as_fd(), nix::sched::CloneFlags::CLONE_NEWNS).context("setns")?;
-    rustix::process::chdir("/").context("chdir")?;
-    // Work around supermin doing chroot() and not pivot_root
-    // https://github.com/libguestfs/supermin/blob/5230e2c3cd07e82bd6431e871e239f7056bf25ad/init/init.c#L288
-    if !Utf8Path::new("/usr").try_exists().context("/usr")?
-        && Utf8Path::new("/root/usr")
-            .try_exists()
-            .context("/root/usr")?
-    {
-        tracing::debug!("Using supermin workaround");
-        rustix::process::chroot("/root").context("chroot")?;
-    }
-    Err(Command::new(cmd).args(args).exec()).context("exec")?
-}
-
 #[context("Querying skopeo version")]
 fn require_skopeo_with_containers_storage() -> Result<()> {
     let out = Task::new_cmd("skopeo --version", run_in_host_mountns("skopeo"))
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
@@ -20,6 +20,7 @@
 pub mod cli;
 pub(crate) mod deploy;
 pub(crate) mod generator;
+pub(crate) mod hostexec;
 pub(crate) mod journal;
 mod lints;
 mod lsm;
diff --git a/lib/src/podman.rs b/lib/src/podman.rs
@@ -1,7 +1,7 @@
 use anyhow::{anyhow, Result};
 use serde::Deserialize;
 
-use crate::install::run_in_host_mountns;
+use crate::hostexec::run_in_host_mountns;
 use crate::task::Task;
 
 /// Where we look inside our container to find our own image

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-use crate::install::run_in_host_mountns;`
	`1`	`+use crate::hostexec::run_in_host_mountns;`
`2`	`2`	`use crate::task::Task;`
`3`	`3`	`use anyhow::{anyhow, Context, Result};`
`4`	`4`	`use camino::{Utf8Path, Utf8PathBuf};`
Original file line number	Diff line number	Diff line change
`@@ -674,7 +674,7 @@ async fn run_from_opt(opt: Opt) -> Result<()> {`
`674`	`674`	`},`
`675`	`675`	`#[cfg(feature = "install")]`
`676`	`676`	`Opt::ExecInHostMountNamespace { args } => {`
`677`		`- crate::install::exec_in_host_mountns(args.as_slice())`
	`677`	`+ crate::hostexec::exec_in_host_mountns(args.as_slice())`
`678`	`678`	`}`
`679`	`679`	`Opt::Status(opts) => super::status::status(opts).await,`
`680`	`680`	`Opt::Internals(opts) => match opts {`