Allow mounting fds in TempMount

Allow mounting of any fds acquired using open_tree like syscalls

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/etc-merge/src/lib.rs

@@ -21,7 +21,7 @@ use composefs::fsverity::{FsVerityHashValue, Sha256HashValue, Sha512HashValue};
 use composefs::generic_tree::{Directory, Inode, Leaf, LeafContent, Stat};
 use composefs::tree::ImageError;
 use rustix::fs::{
-    lgetxattr, llistxattr, lsetxattr, readlinkat, symlinkat, AtFlags, Gid, Uid, XattrFlags,
+    AtFlags, Gid, Uid, XattrFlags, lgetxattr, llistxattr, lsetxattr, readlinkat, symlinkat,
 };
 
 /// Metadata associated with a file, directory, or symlink entry.

crates/lib/src/bootc_composefs/finalize.rs

@@ -1,5 +1,3 @@
-#![allow(dead_code)]
-
 use std::path::Path;
 
 use crate::bootc_composefs::boot::{get_esp_partition, get_sysroot_parent_dev, BootType};
@@ -9,13 +7,12 @@ use crate::{
     bootc_composefs::status::composefs_deployment_status, composefs_consts::STATE_DIR_ABS,
 };
 use anyhow::{Context, Result};
-use bootc_initramfs_setup::{mount_at_wrapper, mount_composefs_image, open_dir};
+use bootc_initramfs_setup::{mount_composefs_image, open_dir};
 use bootc_mount::tempmount::TempMount;
 use cap_std_ext::cap_std::{ambient_authority, fs::Dir};
 use cap_std_ext::dirext::CapStdExtDirExt;
 use etc_merge::{compute_diff, merge, traverse_etc};
 use rustix::fs::{fsync, renameat, CWD};
-use rustix::mount::{unmount, UnmountFlags};
 use rustix::path::Arg;
 
 use fn_error_context::context;
@@ -38,11 +35,11 @@ pub(crate) async fn composefs_native_finalize() -> Result<()> {
     let sysroot = open_dir(CWD, "/sysroot")?;
     let composefs_fd = mount_composefs_image(&sysroot, &booted_composefs.verity, false)?;
 
-    let tempdir = tempfile::tempdir().context("Creating tempdir")?;
-    mount_at_wrapper(composefs_fd, CWD, tempdir.path())?;
+    let erofs_tmp_mnt = TempMount::mount_fd(&composefs_fd)?;
 
     // Perform the /etc merge
-    let pristine_etc = Dir::open_ambient_dir(tempdir.path(), ambient_authority())?;
+    let pristine_etc =
+        Dir::open_ambient_dir(erofs_tmp_mnt.dir.path().join("etc"), ambient_authority())?;
     let current_etc = Dir::open_ambient_dir("/etc", ambient_authority())?;
 
     let new_etc_path = Path::new(STATE_DIR_ABS)
@@ -57,7 +54,8 @@ pub(crate) async fn composefs_native_finalize() -> Result<()> {
     let diff = compute_diff(&pristine_files, &current_files)?;
     merge(&current_etc, &current_files, &new_etc, &new_files, diff)?;
 
-    unmount(tempdir.path(), UnmountFlags::DETACH).context("Unmounting tempdir")?;
+    // Unmount EROFS
+    drop(erofs_tmp_mnt);
 
     let sysroot_parent = get_sysroot_parent_dev()?;
     // NOTE: Assumption here that ESP will always be present

crates/lib/src/bootc_composefs/mod.rs

@@ -1,8 +1,8 @@
 pub(crate) mod boot;
+pub(crate) mod finalize;
 pub(crate) mod repo;
 pub(crate) mod rollback;
 pub(crate) mod state;
 pub(crate) mod status;
 pub(crate) mod switch;
 pub(crate) mod update;
-pub(crate) mod finalize;

crates/lib/src/bootc_composefs/state.rs

@@ -3,6 +3,7 @@ use std::{fs::create_dir_all, process::Command};
 
 use anyhow::{Context, Result};
 use bootc_kernel_cmdline::Cmdline;
+use bootc_mount::tempmount::TempMount;
 use bootc_utils::CommandRunExt;
 use camino::Utf8PathBuf;
 use cap_std_ext::{cap_std, dirext::CapStdExtDirExt};
@@ -11,8 +12,7 @@ use fn_error_context::context;
 
 use ostree_ext::container::deploy::ORIGIN_CONTAINER;
 use rustix::{
-    fs::{open, Mode, OFlags, CWD},
-    mount::{unmount, UnmountFlags},
+    fs::{open, Mode, OFlags},
     path::Arg,
 };
 
@@ -71,22 +71,17 @@ pub(crate) fn copy_etc_to_state(
 
     let composefs_fd = bootc_initramfs_setup::mount_composefs_image(&sysroot_fd, &erofs_id, false)?;
 
-    let tempdir = tempfile::tempdir().context("Creating tempdir")?;
-
-    bootc_initramfs_setup::mount_at_wrapper(composefs_fd, CWD, tempdir.path())?;
+    let tempdir = TempMount::mount_fd(composefs_fd)?;
 
     // TODO: Replace this with a function to cap_std_ext
     let cp_ret = Command::new("cp")
         .args([
             "-a",
-            &format!("{}/etc/.", tempdir.path().as_str()?),
+            &format!("{}/etc/.", tempdir.dir.path().as_str()?),
             &format!("{state_path}/etc/."),
         ])
         .run_capture_stderr();
 
-    // Unmount regardless of copy succeeding
-    unmount(tempdir.path(), UnmountFlags::DETACH).context("Unmounting composefs")?;
-
     cp_ret
 }
 

crates/mount/src/tempmount.rs

@@ -1,9 +1,11 @@
+use std::os::fd::AsFd;
+
 use anyhow::{Context, Result};
 
 use camino::Utf8Path;
 use cap_std_ext::cap_std::{ambient_authority, fs::Dir};
 use fn_error_context::context;
-use rustix::mount::{unmount, UnmountFlags};
+use rustix::mount::{move_mount, unmount, MoveMountFlags, UnmountFlags};
 
 pub struct TempMount {
     pub dir: tempfile::TempDir,
@@ -21,12 +23,46 @@ impl TempMount {
 
         crate::mount(dev, utf8path)?;
 
-        // There's a case here where if the following open fails, we won't unmount which should be
-        // unlikely
         let fd = Dir::open_ambient_dir(tempdir.path(), ambient_authority())
-            .with_context(|| format!("Opening {:?}", tempdir.path()))?;
+            .with_context(|| format!("Opening {:?}", tempdir.path()));
+
+        let fd = match fd {
+            Ok(fd) => fd,
+            Err(e) => {
+                unmount(tempdir.path(), UnmountFlags::DETACH)?;
+                Err(e)?
+            }
+        };
+
+        Ok(Self { dir: tempdir, fd })
+    }
+
+    /// Mount and fd acquired with `open_tree` like syscall
+    #[context("Mounting fd")]
+    pub fn mount_fd(mnt_fd: impl AsFd) -> Result<Self> {
+        let tempdir = tempfile::TempDir::new()?;
+
+        move_mount(
+            mnt_fd.as_fd(),
+            "",
+            rustix::fs::CWD,
+            tempdir.path(),
+            MoveMountFlags::MOVE_MOUNT_F_EMPTY_PATH,
+        )
+        .context("move_mount")?;
+
+        let fd = Dir::open_ambient_dir(tempdir.path(), ambient_authority())
+            .with_context(|| format!("Opening {:?}", tempdir.path()));
+
+        let fd = match fd {
+            Ok(fd) => fd,
+            Err(e) => {
+                unmount(tempdir.path(), UnmountFlags::DETACH)?;
+                Err(e)?
+            }
+        };
 
-        Ok(TempMount { dir: tempdir, fd })
+        Ok(Self { dir: tempdir, fd })
     }
 }