use mount_self() instead of from tuple

2025-07-11 19:37:06 -04:00 · 2025-07-11 19:37:06 -04:00 · 4df0b611b1
parent 01f595657d
commit 4df0b611b1
2 changed files with 56 additions and 3 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -58,7 +58,17 @@ fn init_rootfs() {
 fn init() -> Result<()> {
    // let config = config::get_config()?;

-    init_rootfs();
+    // init_rootfs();
+    if let Err(errors) = system::mount_default_targets() {
+        for error in errors {
+            eprintln!("Error while mounting: {error}");
+            let mut opt = Some(&error as &dyn std::error::Error);
+            while let Some(current_source) = opt {
+                eprintln!("Caused by: {current_source}");
+                opt = current_source.source();
+            }
+        }
+    }

    platform::aws::Aws.init().unwrap();

--- a/src/system/mod.rs
+++ b/src/system/mod.rs
@ -1,5 +1,6 @@
-use crate::result::{Result, Context};
-use std::path::{PathBuf, Path};
+use crate::result::{Context, CtxError, Result};
+use libc::{MS_NODEV, MS_NOEXEC, MS_NOSUID};
+use std::path::{Path, PathBuf};

 pub mod syscall;

@ -72,6 +73,48 @@ impl Mount {
    }
 }

+pub fn mount_default_targets() -> Result<(), Vec<CtxError>> {
+    let no_dse = MS_NODEV | MS_NOSUID | MS_NOEXEC;
+    let no_se = MS_NOSUID | MS_NOEXEC;
+    let m0755 = Some("mode=0755");
+    let hidepid = Some("hidepid=2");
+
+    // why, oh why, rustfmt
+    let mounts = [
+        Mount::new(
+            MountType::DevTmpFs,
+            "/dev",
+            MountType::DevTmpFs,
+            no_se,
+            m0755,
+        ),
+        Mount::new(MountType::Proc, "/proc", MountType::Proc, no_dse, hidepid),
+        Mount::new(MountType::TmpFs, "/tmp", MountType::TmpFs, no_dse, None),
+        Mount::new(MountType::SysFs, "/sys", MountType::SysFs, no_dse, None),
+        Mount::new(
+            "cgroup_root",
+            "/sys/fs/cgroup",
+            MountType::TmpFs,
+            no_dse,
+            m0755,
+        ),
+    ];
+
+    let mut errors = vec![];
+
+    for mount in mounts {
+        if let Err(e) = mount.mount_self() {
+            errors.push(e);
+        }
+    }
+
+    if !errors.is_empty() {
+        return Err(errors);
+    }
+
+    Ok(())
+}
+
 pub fn insmod(path: impl AsRef<Path>, params: impl AsRef<str>) -> Result<()> {
    let path = path.as_ref();
    let params = params.as_ref();