composefs/usr: Fix /usr permissions on overlay mount

The upper,work directories being created for `/usr` transient mount
always had the mode `0o700` hence only being accessible to root

Update `bootc_initramfs_setup::ensure_dir` to accept an optional
`mode` argument

Fixes: #1833

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/initramfs/src/lib.rs

@@ -169,8 +169,8 @@ pub fn open_dir(dirfd: impl AsFd, name: impl AsRef<Path> + Debug) -> Result<Owne
 }
 
 #[context("Ensure dir")]
-fn ensure_dir(dirfd: impl AsFd, name: &str) -> Result<OwnedFd> {
-    match mkdirat(dirfd.as_fd(), name, 0o700.into()) {
+fn ensure_dir(dirfd: impl AsFd, name: &str, mode: Option<u32>) -> Result<OwnedFd> {
+    match mkdirat(dirfd.as_fd(), name, mode.unwrap_or(0o700).into()) {
         Ok(()) | Err(Errno::EXIST) => {}
         Err(err) => Err(err).with_context(|| format!("Creating dir {name}"))?,
     }
@@ -203,9 +203,9 @@ fn mount_tmpfs() -> Result<OwnedFd> {
 }
 
 #[context("Mounting state as overlay")]
-fn overlay_state(base: impl AsFd, state: impl AsFd, source: &str) -> Result<()> {
-    let upper = ensure_dir(state.as_fd(), "upper")?;
-    let work = ensure_dir(state.as_fd(), "work")?;
+fn overlay_state(base: impl AsFd, state: impl AsFd, source: &str, mode: Option<u32>) -> Result<()> {
+    let upper = ensure_dir(state.as_fd(), "upper", mode)?;
+    let work = ensure_dir(state.as_fd(), "work", mode)?;
 
     let overlayfs = FsHandle::open("overlay")?;
     fsconfig_set_string(overlayfs.as_fd(), "source", source)?;
@@ -224,8 +224,8 @@ fn overlay_state(base: impl AsFd, state: impl AsFd, source: &str) -> Result<()>
 
 /// Mounts a transient overlayfs with passed in fd as the lowerdir
 #[context("Mounting transient overlayfs")]
-pub fn overlay_transient(base: impl AsFd) -> Result<()> {
-    overlay_state(base, prepare_mount(mount_tmpfs()?)?, "transient")
+pub fn overlay_transient(base: impl AsFd, mode: Option<u32>) -> Result<()> {
+    overlay_state(base, prepare_mount(mount_tmpfs()?)?, "transient", mode)
 }
 
 #[context("Opening rootfs")]
@@ -287,8 +287,9 @@ fn mount_subdir(
             open_dir(&new_root, subdir)?,
             open_dir(&state, subdir)?,
             "overlay",
+            None,
         ),
-        MountType::Transient => overlay_transient(open_dir(&new_root, subdir)?),
+        MountType::Transient => overlay_transient(open_dir(&new_root, subdir)?, None),
     }
 }
 
@@ -350,7 +351,7 @@ pub fn setup_root(args: Args) -> Result<()> {
     }
 
     if config.root.transient {
-        overlay_transient(&new_root)?;
+        overlay_transient(&new_root, None)?;
     }
 
     match composefs::mount::mount_at(&sysroot_clone, &new_root, "sysroot") {

crates/lib/src/bootc_composefs/state.rs

@@ -246,7 +246,7 @@ pub(crate) fn composefs_usr_overlay() -> Result<()> {
         return Ok(());
     }
 
-    overlay_transient(usr)?;
+    overlay_transient(usr, Some(0o755))?;
 
     println!("A writeable overlayfs is now mounted on /usr");
     println!("All changes there will be discarded on reboot.");