use std::{ffi::CString, fs::File, os::unix::prelude::OsStringExt};
use nix::mount::{self, MsFlags};
use walkdir::WalkDir;
use crate::{
paths, unshare,
util::{error::*, fs, tar},
};
/// Re-owns everything found by walking `paths::ROOTFS_DIR` to
/// `unshare::MAPPED_ROOT_UID` / `unshare::MAPPED_ROOT_GID`.
///
/// Ownership is changed with `lchown(2)`, which acts on a symbolic link itself
/// rather than on its target. A link shipped inside the unpacked rootfs can
/// therefore not redirect the ownership change to a file outside the tree.
/// NOTE(review): this also relies on `WalkDir` not descending through symlinks,
/// which is its default; keep it that way if the walker is ever configured.
///
/// # Errors
///
/// Returns the first error hit: a failed directory walk, a path containing an
/// interior NUL byte, or the OS error reported by `lchown`.
fn fixup_rootfs_owner() -> Result<()> {
    let root_uid = unshare::MAPPED_ROOT_UID.as_raw();
    let root_gid = unshare::MAPPED_ROOT_GID.as_raw();

    for dir_entry in WalkDir::new(paths::ROOTFS_DIR) {
        let raw_path = dir_entry?.into_path().into_os_string().into_vec();
        // libc needs a NUL-terminated string; an interior NUL is reported as an error.
        let c_path = CString::new(raw_path).map_err(Error::new)?;

        // SAFETY: `c_path` is an owned, NUL-terminated buffer that stays alive
        // for the whole call, and `lchown` only reads through the pointer.
        let status = unsafe { libc::lchown(c_path.as_ptr(), root_uid, root_gid) };

        // errno is read immediately after the failing call, before anything
        // else can overwrite it.
        if status < 0 {
            return Err(Error::last_os_error());
        }
    }

    Ok(())
}
/// Sets up the build tmpfs and populates the container rootfs.
///
/// Steps, in order:
/// 1. mount a tmpfs with source name `buildtmp` on `paths::TMP_DIR`,
/// 2. unpack `paths::ROOTFS_ARCHIVE` into `paths::ROOTFS_DIR`,
/// 3. hand the unpacked tree to the mapped root user via `fixup_rootfs_owner`.
///
/// NOTE(review): the mount passes `MsFlags::empty()` and no data string, so the
/// tmpfs runs with kernel defaults (no `nosuid`/`nodev`, default size limit).
/// Confirm that this is intended for the build environment.
///
/// # Errors
///
/// Mount, unpack and ownership failures are returned with a context message;
/// a failure to open the archive is propagated as-is.
fn prepare_buildtmp() -> Result<()> {
    let mount_result = mount::mount::<_, _, _, str>(
        Some("buildtmp"),
        paths::TMP_DIR,
        Some("tmpfs"),
        MsFlags::empty(),
        None,
    );
    mount_result.context("Mounting build tmpfs failed")?;

    // Opened only after the tmpfs is in place, matching the original ordering.
    let archive = File::open(paths::ROOTFS_ARCHIVE)?;
    tar::unpack(archive, paths::ROOTFS_DIR).context("Unpacking build container rootfs failed")?;

    let ownership = fixup_rootfs_owner();
    ownership.context("Changing container rootfs owner failed")
}
/// Creates the layer and output state directories.
///
/// `paths::LAYER_STATE_DIR` is created first, then `paths::OUTPUT_STATE_DIR`.
/// Creation goes through the project's `fs::mkdir` helper, so how an already
/// existing directory is treated depends on that helper.
///
/// # Errors
///
/// Returns the first `fs::mkdir` failure; a later directory is not attempted.
pub fn runc_preinit() -> Result<()> {
    for state_dir in [paths::LAYER_STATE_DIR, paths::OUTPUT_STATE_DIR] {
        fs::mkdir(state_dir)?;
    }

    Ok(())
}
/// Runs the init step, which currently consists only of `prepare_buildtmp`.
///
/// # Errors
///
/// Propagates whatever `prepare_buildtmp` returns.
pub fn runc_init() -> Result<()> {
    // Same `Result` alias on both sides, so the value can be returned directly.
    prepare_buildtmp()
}