youki-dev · utam0k · Jun 19, 2024 · Jun 17, 2024
diff --git a/crates/libcontainer/src/rootfs/utils.rs b/crates/libcontainer/src/rootfs/utils.rs
@@ -6,7 +6,7 @@ use nix::sys::stat::SFlag;
 use oci_spec::runtime::{LinuxDevice, LinuxDeviceBuilder, LinuxDeviceType, Mount};
 
 use super::mount::MountError;
-use crate::syscall::linux::{self, MountAttrOption};
+use crate::syscall::linux::{self, MountRecursive};
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct MountOptionConfig {
@@ -89,18 +89,21 @@ pub fn parse_mount(m: &Mount) -> std::result::Result<MountOptionConfig, MountErr
 
     if let Some(options) = &m.options() {
         for option in options {
-            if let Ok(mount_attr_option) = linux::MountAttrOption::from_str(option.as_str()) {
+            if let Ok(mount_attr_option) = linux::MountRecursive::from_str(option.as_str()) {
+                // Some options aren't corresponding to the mount flags.
+                // These options need `AT_RECURSIVE` options.
+                // ref: https://github.com/opencontainers/runtime-spec/blob/main/config.md#linux-mount-options
                 let (is_clear, flag) = match mount_attr_option {
-                    MountAttrOption::MountArrtRdonly(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNosuid(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNodev(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNoexec(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrAtime(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrRelatime(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNoatime(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrStrictAtime(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNoDiratime(is_clear, flag) => (is_clear, flag),
-                    MountAttrOption::MountAttrNosymfollow(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Rdonly(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Nosuid(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Nodev(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Noexec(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Atime(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Relatime(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Noatime(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::StrictAtime(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::NoDiratime(is_clear, flag) => (is_clear, flag),
+                    MountRecursive::Nosymfollow(is_clear, flag) => (is_clear, flag),
                 };
 
                 if mount_attr.is_none() {

diff --git a/crates/libcontainer/src/syscall/linux.rs b/crates/libcontainer/src/syscall/linux.rs
@@ -38,87 +38,65 @@ const MOUNT_ATTR_NODIRATIME: u64 = 0x00000080;
 const MOUNT_ATTR_NOSYMFOLLOW: u64 = 0x00200000;
 
 /// Constants used by mount_setattr(2).
-pub enum MountAttrOption {
+pub enum MountRecursive {
     /// Mount read-only.
-    MountArrtRdonly(bool, u64),
+    Rdonly(bool, u64),
 
     /// Ignore suid and sgid bits.
-    MountAttrNosuid(bool, u64),
+    Nosuid(bool, u64),
 
     /// Disallow access to device special files.
-    MountAttrNodev(bool, u64),
+    Nodev(bool, u64),
 
     /// Disallow program execution.
-    MountAttrNoexec(bool, u64),
+    Noexec(bool, u64),
 
     /// Setting on how atime should be updated.
-    MountAttrAtime(bool, u64),
+    Atime(bool, u64),
 
     /// Update atime relative to mtime/ctime.
-    MountAttrRelatime(bool, u64),
+    Relatime(bool, u64),
 
     /// Do not update access times.
-    MountAttrNoatime(bool, u64),
+    Noatime(bool, u64),
 
     /// Always perform atime updates.
-    MountAttrStrictAtime(bool, u64),
+    StrictAtime(bool, u64),
 
     /// Do not update directory access times.
-    MountAttrNoDiratime(bool, u64),
+    NoDiratime(bool, u64),
 
     /// Prevents following symbolic links.
-    MountAttrNosymfollow(bool, u64),
+    Nosymfollow(bool, u64),
 }
 
-impl FromStr for MountAttrOption {
+impl FromStr for MountRecursive {
     type Err = SyscallError;
 
     fn from_str(option: &str) -> std::result::Result<Self, Self::Err> {
         match option {
-            "rro" => Ok(MountAttrOption::MountArrtRdonly(false, MOUNT_ATTR_RDONLY)),
-            "rrw" => Ok(MountAttrOption::MountArrtRdonly(true, MOUNT_ATTR_RDONLY)),
-            "rnosuid" => Ok(MountAttrOption::MountAttrNosuid(false, MOUNT_ATTR_NOSUID)),
-            "rsuid" => Ok(MountAttrOption::MountAttrNosuid(true, MOUNT_ATTR_NOSUID)),
-            "rnodev" => Ok(MountAttrOption::MountAttrNodev(false, MOUNT_ATTR_NODEV)),
-            "rdev" => Ok(MountAttrOption::MountAttrNodev(true, MOUNT_ATTR_NODEV)),
-            "rnoexec" => Ok(MountAttrOption::MountAttrNoexec(false, MOUNT_ATTR_NOEXEC)),
-            "rexec" => Ok(MountAttrOption::MountAttrNoexec(true, MOUNT_ATTR_NOEXEC)),
-            "rnodiratime" => Ok(MountAttrOption::MountAttrNoDiratime(
-                false,
-                MOUNT_ATTR_NODIRATIME,
-            )),
-            "rdiratime" => Ok(MountAttrOption::MountAttrNoDiratime(
-                true,
-                MOUNT_ATTR_NODIRATIME,
-            )),
-            "rrelatime" => Ok(MountAttrOption::MountAttrRelatime(
-                false,
-                MOUNT_ATTR_RELATIME,
-            )),
-            "rnorelatime" => Ok(MountAttrOption::MountAttrRelatime(
-                true,
-                MOUNT_ATTR_RELATIME,
-            )),
-            "rnoatime" => Ok(MountAttrOption::MountAttrNoatime(false, MOUNT_ATTR_NOATIME)),
-            "ratime" => Ok(MountAttrOption::MountAttrNoatime(true, MOUNT_ATTR_NOATIME)),
-            "rstrictatime" => Ok(MountAttrOption::MountAttrStrictAtime(
-                false,
-                MOUNT_ATTR_STRICTATIME,
-            )),
-            "rnostrictatime" => Ok(MountAttrOption::MountAttrStrictAtime(
-                true,
-                MOUNT_ATTR_STRICTATIME,
-            )),
-            "rnosymfollow" => Ok(MountAttrOption::MountAttrNosymfollow(
-                false,
-                MOUNT_ATTR_NOSYMFOLLOW,
-            )),
-            "rsymfollow" => Ok(MountAttrOption::MountAttrNosymfollow(
-                true,
-                MOUNT_ATTR_NOSYMFOLLOW,
-            )),
+            "rro" => Ok(MountRecursive::Rdonly(false, MOUNT_ATTR_RDONLY)),
+            "rrw" => Ok(MountRecursive::Rdonly(true, MOUNT_ATTR_RDONLY)),
+            "rnosuid" => Ok(MountRecursive::Nosuid(false, MOUNT_ATTR_NOSUID)),
+            "rsuid" => Ok(MountRecursive::Nosuid(true, MOUNT_ATTR_NOSUID)),
+            "rnodev" => Ok(MountRecursive::Nodev(false, MOUNT_ATTR_NODEV)),
+            "rdev" => Ok(MountRecursive::Nodev(true, MOUNT_ATTR_NODEV)),
+            "rnoexec" => Ok(MountRecursive::Noexec(false, MOUNT_ATTR_NOEXEC)),
+            "rexec" => Ok(MountRecursive::Noexec(true, MOUNT_ATTR_NOEXEC)),
+            "rnodiratime" => Ok(MountRecursive::NoDiratime(false, MOUNT_ATTR_NODIRATIME)),
+            "rdiratime" => Ok(MountRecursive::NoDiratime(true, MOUNT_ATTR_NODIRATIME)),
+            "rrelatime" => Ok(MountRecursive::Relatime(false, MOUNT_ATTR_RELATIME)),
+            "rnorelatime" => Ok(MountRecursive::Relatime(true, MOUNT_ATTR_RELATIME)),
+            "rnoatime" => Ok(MountRecursive::Noatime(false, MOUNT_ATTR_NOATIME)),
+            "ratime" => Ok(MountRecursive::Noatime(true, MOUNT_ATTR_NOATIME)),
+            "rstrictatime" => Ok(MountRecursive::StrictAtime(false, MOUNT_ATTR_STRICTATIME)),
+            "rnostrictatime" => Ok(MountRecursive::StrictAtime(true, MOUNT_ATTR_STRICTATIME)),
+            "rnosymfollow" => Ok(MountRecursive::Nosymfollow(false, MOUNT_ATTR_NOSYMFOLLOW)),
+            "rsymfollow" => Ok(MountRecursive::Nosymfollow(true, MOUNT_ATTR_NOSYMFOLLOW)),
             // No support for MOUNT_ATTR_IDMAP yet (needs UserNS FD)
-            _ => Err(SyscallError::UnexpectedMountAttrOption(option.to_string())),
+            _ => Err(SyscallError::UnexpectedMountRecursiveOption(
+                option.to_string(),
+            )),
         }
     }
 }

diff --git a/crates/libcontainer/src/syscall/mod.rs b/crates/libcontainer/src/syscall/mod.rs
@@ -11,7 +11,7 @@ pub use syscall::Syscall;
 #[derive(Debug, thiserror::Error)]
 pub enum SyscallError {
     #[error("unexpected mount attr option: {0}")]
-    UnexpectedMountAttrOption(String),
+    UnexpectedMountRecursiveOption(String),
     #[error(transparent)]
     Nix(#[from] nix::Error),
     #[error(transparent)]