From e3119a77bfe4be98b721dfe262b01e2c328c3c79 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sat, 30 Oct 2021 23:40:08 +0200
Subject: runner: set up /dev in separate directory

Preparation for removal of a single rootfs.
---
 crates/runner/src/init.rs | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)
(limited to 'crates/runner/src/init.rs')

diff --git a/crates/runner/src/init.rs b/crates/runner/src/init.rs
index 07631ea..ad37cf0 100644
--- a/crates/runner/src/init.rs
+++ b/crates/runner/src/init.rs
@@ -7,15 +7,31 @@ use common::error::*;
 
 use super::{tar, util::fs};
 use crate::paths;
 
-fn prepare_rootfs(rootfs: &str) -> Result<()> {
-    tar::unpack(File::open(paths::ROOTFS_ARCHIVE)?, rootfs)
+fn prepare_rootfs(path: &str) -> Result<()> {
+    tar::unpack(File::open(paths::ROOTFS_ARCHIVE)?, path)
         .context("Unpacking build container rootfs failed")?;
-    mount::mount::<_, _, str, str>(Some(rootfs), rootfs, None, MsFlags::MS_BIND, None)
+    mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)
         .context("Failed to bind mount container rootfs")?;
+    mount::mount::(
+        None,
+        path,
+        None,
+        MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
+        None,
+    )
+    .context("Failed to mount container rootfs read-only")?;
+
+    Ok(())
+}
+
+fn prepare_dev(path: &str) -> Result<()> {
+    fs::mkdir(path)?;
+    mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)
+        .context("Failed to bind mount container /dev")?;
 
     for dir in ["pts", "shm"] {
-        fs::mkdir(paths::join(&[rootfs, "dev", dir]))?;
+        fs::mkdir(paths::join(&[path, dir]))?;
     }
 
     for (link, target) in [
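Review bot: The new /dev bind mount in prepare_dev, `mount::mount::<_, _, str, str>(Some(path), path, None, MsFlags::MS_BIND, None)`, passes only MS_BIND, so the container's /dev inherits whatever suid/exec flags the underlying build tmpdir mount has; nothing under /dev needs to be executed or setuid, so `MsFlags::MS_BIND | MsFlags::MS_NOSUID | MsFlags::MS_NOEXEC` would be the safer default here. The read-only remount of the same mount in the third hunk (`MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY`) resets the per-mount flags it does not name, so the two flags must be repeated on that call as well or they are lost again. Separately, `fs::mkdir(path)?` is the only fallible call in prepare_dev without a `.context(...)`; unless the fs wrapper already attaches one, `fs::mkdir(path).context("Failed to create container /dev")?;` keeps the error messages uniform with the rest of the function. prepare_dev continues past the end of this hunk.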
@@ -25,14 +41,14 @@ fn prepare_rootfs(rootfs: &str) -> Result<()> {
         ("stderr", "/proc/self/fd/2"),
         ("ptmx", "pts/ptmx"),
     ] {
-        let path = paths::join(&[rootfs, "dev", link]);
+        let path = paths::join(&[path, link]);
         std::os::unix::fs::symlink(target, &path)
             .with_context(|| format!("Failed to create link {}", path))?;
     }
 
     for dev in ["null", "zero", "full", "random", "urandom", "tty"] {
         let source = paths::join(&["/dev", dev]);
-        let target = paths::join(&[rootfs, "dev", dev]);
+        let target = paths::join(&[path, dev]);
         fs::create(&target)?;
         mount::mount::(Some(&source), &target, None, MsFlags::MS_BIND, None)
             .with_context(|| format!("Failed to bind mount {}", source))?;
@@ -40,12 +56,12 @@ fn prepare_rootfs(rootfs: &str) -> Result<()> {
 
     mount::mount::(
         None,
-        rootfs,
+        path,
         None,
         MsFlags::MS_REMOUNT | MsFlags::MS_BIND | MsFlags::MS_RDONLY,
         None,
     )
-    .context("Failed to mount container rootfs read-only")?;
+    .context("Failed to mount container /dev read-only")?;
 
     Ok(())
 }
@@ -68,6 +84,7 @@ pub fn init_runner() -> Result<()> {
     .context("Failed to set MS_PRIVATE for build tmpdir")?;
 
     prepare_rootfs(paths::ROOTFS_DIR)?;
+    prepare_dev(paths::DEV_DIR)?;
 
     Ok(())
 }
--
cgit v1.2.3
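Review bot: `let path = paths::join(&[path, link]);` shadows the function parameter `path` with the per-link target inside the loop body, which is legal but makes the two meanings of `path` easy to confuse in the symlink and error-message lines that follow. A distinct name keeps the device directory and the link path apart: `let link_path = paths::join(&[path, link]);`, `std::os::unix::fs::symlink(target, &link_path)`, `.with_context(|| format!("Failed to create link {}", link_path))?;`. The enclosing prepare_dev starts before and ends after this hunk.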
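Review bot: As far as this diff shows, `prepare_dev(paths::DEV_DIR)?;` populates DEV_DIR but nothing attaches it to the rootfs, so after this commit the build container's /dev is whatever the unpacked archive contains unless code outside this file mounts DEV_DIR over it. Since the commit message describes this as preparation, a one-line comment at the call site would record where that happens, e.g. `// DEV_DIR is mounted over the container's /dev by <TODO: name the code that does this>`. Ordering is also worth noting here: prepare_rootfs has already remounted ROOTFS_DIR read-only, so any later code can only mount over an existing dev directory in it, not create one. init_runner starts outside this hunk.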