diff --git a/src/main.rs b/src/main.rs
index 9789095..b1b2fb2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -58,7 +58,17 @@ fn init_rootfs() {
 fn init() -> Result<()> {
 // let config = config::get_config()?;
- init_rootfs();
+ // init_rootfs();
+ if let Err(errors) = system::mount_default_targets() {
+ for error in errors {
+ eprintln!("Error while mounting: {error}");
+ let mut opt = Some(&error as &dyn std::error::Error);
+ while let Some(current_source) = opt {
+ eprintln!("Caused by: {current_source}");
+ opt = current_source.source();
+ }
+ }
+ }
 platform::aws::Aws.init().unwrap();
diff --git a/src/system/mod.rs b/src/system/mod.rs
index b2e2275..257dee7 100644
--- a/src/system/mod.rs
+++ b/src/system/mod.rs
@@ -1,5 +1,6 @@
-use crate::result::{Result, Context};
-use std::path::{PathBuf, Path};
+use crate::result::{Context, CtxError, Result};
+use libc::{MS_NODEV, MS_NOEXEC, MS_NOSUID};
+use std::path::{Path, PathBuf};
 pub mod syscall;
@@ -72,6 +73,48 @@ impl Mount {
 }
 }
+pub fn mount_default_targets() -> Result<(), Vec> {
+ let no_dse = MS_NODEV | MS_NOSUID | MS_NOEXEC;
+ let no_se = MS_NOSUID | MS_NOEXEC;
+ let m0755 = Some("mode=0755");
+ let hidepid = Some("hidepid=2");
+
+ // why, oh why, rustfmt
+ let mounts = [
+ Mount::new(
+ MountType::DevTmpFs,
+ "/dev",
+ MountType::DevTmpFs,
+ no_se,
+ m0755,
+ ),
+ Mount::new(MountType::Proc, "/proc", MountType::Proc, no_dse, hidepid),
+ Mount::new(MountType::TmpFs, "/tmp", MountType::TmpFs, no_dse, None),
+ Mount::new(MountType::SysFs, "/sys", MountType::SysFs, no_dse, None),
+ Mount::new(
+ "cgroup_root",
+ "/sys/fs/cgroup",
+ MountType::TmpFs,
+ no_dse,
+ m0755,
+ ),
+ ];
+
+ let mut errors = vec![];
+
+ for mount in mounts {
+ if let Err(e) = mount.mount_self() {
+ errors.push(e);
+ }
+ }
+
+ if !errors.is_empty() {
+ return Err(errors);
+ }
+
+ Ok(())
+}
+
 pub fn insmod(path: impl AsRef, params: impl AsRef) -> Result<()> {
 let path = path.as_ref();
 let params = params.as_ref();
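Review bot: When `system::mount_default_targets()` fails, `init()` only prints the errors and then carries on to `platform::aws::Aws.init()`, so the system can come up without `/proc` mounted with `hidepid=2` or without the `nosuid`/`nodev`/`noexec` mounts the second file sets up. If those mounts are meant as a hardening baseline, treat a non-empty error list as fatal (return an error from `init()` after logging), or decide explicitly which targets are optional. Separately, the chain walk starts at the error itself, so each failure is printed twice, once as "Error while mounting" and again as the first "Caused by"; starting from the source avoids that: `let mut opt = (&error as &dyn std::error::Error).source();`. The body of `init()` continues past the end of this hunk.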
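Review bot: The `/tmp` entry in `mount_default_targets` passes `None` as its last argument (presumably the mount data string), so that tmpfs is created with kernel defaults and no explicit `size=` limit; tmpfs pages count against RAM, so anything able to write to `/tmp` can exhaust memory on the instance. Consider passing options there, e.g. `Some("size=<LIMIT>,mode=1777")`, where `<LIMIT>` is a placeholder for a value chosen for the platform. The array order is also load-bearing (`/sys` has to be mounted before `/sys/fs/cgroup`), and the function keeps going after a failure and returns every error; neither is stated, so the `// why, oh why, rustfmt` comment could give way to a `///` doc comment that says both. `Mount::new` and `mount_self` are defined outside this hunk, so the flag and option handling is inferred from the call sites.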