Translate flags passed to mount() and read back using statfs() from hex
to named constants, to make troubleshooting a bit easier.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When attempting to change the mount propagation of the old root
directory tree before unmounting it, it's enough that we pass the
requested propagation flags.
In particular, MS_REC is the only flag that is supposed to be allowed to
be specified along with a mount propagation flag, but in practice it was
only triggering an error some of the time, and CI wasn't one of those
times.
The added test mounts the root filesystem as an overlay and then runs
buildah as a rootless user on top of that, which is more comparable to a
root-on-composefs configuration, which manages to trigger the error.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When setting mount propagation on the root mount before unmounting it,
use MS_REBIND, since we know it's already a bind mount, and we actually
want to affect the extant bind mount instead of creating another right
over it. Otherwise, we might as well have not bothered.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Unless --no-pivot or the equivalent API flag is set, try to pivot_root()
to enter the rootfs during Run(). Fall back to using chroot() as before
if that fails for any reason.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
github.com/moby/sys/capability is a fork of the (no longer maintained)
github.com/syndtr/gocapability package.
For the list of changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Ambient capabilities can't be raised without inheritable ones, and since we
don't raise inheritable, we should not raise ambient either.
This went unnoticed because of a bug in syndtr/gocapability which is
only fixed in its fork (see the next commit).
Amends commit e7e55c988.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
govet warned about some places where we were passing something other
than a literal string to a function that took format specifiers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
1. Use gofmt to format the code:
git ls-files \*.go | grep -Ev '/?vendor/' | xargs gofmt -w -s
2. Add gofmt to golangci-lint (it's not enabled by default).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This change is generated by `go1.23rc2 fix ./...`.
Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Before #5083, when running with chroot isolation ro mounts like secrets
from env vars would explicitly have the unix.MS_NOEXEC, unix.MS_NOSUID
and unix.MS_NODEV flags set when they were remounted. Now when running
with chroot isolation ro mounts like secrets from env vars are not
getting those same flags set and so the remount operation fails.
Specifically it looks like we are missing the unix.MS_NOSUID and
unix.MS_NODEV flags.
This change adds special handling for read-only mounts when we need to do
a remount to try to get the desired flags to stick. If we've requested
a read-only mount (unix.ST_RDONLY is set in requestFlags), then we add any
possibleImportantFlags that are set in fs.Flags to remountFlags so the remount
operation doesn't fail because they are missing. I've also added a test to
bud.bats that covers this case.
Signed-off-by: Jonah Bull <jonah.bull@elastic.co>
Pay better attention to dev/nodev/exec/noexec/suid/nosuid/ro/rw flags on
bind, overlay, and tmpfs mounts when any of them are specified. Stop
quietly adding "nodev" when it isn't asked for.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
a bind mount cannot be made RDONLY in the same mount operation as it
is created. For that we need a second operation.
Closes: https://github.com/containers/buildah/issues/4203
[NO NEW TESTS NEEDED] it fails in Buildah in a container
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This adds no-op stubs for various things and adds an optional override
for creating the container chroot - on FreeBSD we use a jail to allow
setting the container hostname.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This intentionally breaks the FreeBSD so that I can move the code
unmodified which will help with future merge conflicts. A subsequent
commit will resolve this by factoring out Linux-specific code.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This leaves runUsingChrootSubprocOptions in the platform-specific file
since syscall.SysProcIDMap isn't available on FreeBSD.
Signed-off-by: Doug Rabson <dfr@rabson.org>
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.
Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Jan Kaluza
Nalin Dahyabhai
Kir Kolyshkin
Jonah Bull
Giuseppe Scrivano
Daniel J Walsh
Doug Rabson