Draft
22 commits
3b09654
linux: fix NULL pointer dereference
giuseppe May 11, 2026
ad2a740
linux: open procfd early and store in private_data
giuseppe May 5, 2026
7d7b554
linux: use fsetxattr with procfd in do_mount
giuseppe May 5, 2026
295cfa1
linux: use fchmodat/fchownat with procfd in libcrun_create_dev
giuseppe May 5, 2026
d10cf53
linux: use procfd to read /proc/self/cgroup in do_mount_cgroup_v1
giuseppe May 5, 2026
de69e18
linux: use procfd to stat source_mountfd in process_single_mount
giuseppe May 5, 2026
c792385
linux: use procfd in do_masked_or_readonly_path
giuseppe May 5, 2026
1d20ad2
linux: use procfd in do_masked_or_readonly_path keep_flags fallback
giuseppe May 13, 2026
db6fe83
linux: use procfd in get_shared_empty_dir_cached and mount_masked_dir
giuseppe May 5, 2026
869cdef
linux: use procfd to read unified cgroup path
giuseppe May 5, 2026
d995fd3
linux: try mount_setattr in do_remount
giuseppe May 5, 2026
ca706b0
linux: try mount_setattr in make_parent_mount_private
giuseppe May 12, 2026
175ee8b
linux: use fstat to detect root in make_parent_mount_private
giuseppe May 12, 2026
73bbdcd
linux: fix swapped args in do_mount_setattr for readonly paths
giuseppe May 13, 2026
42f600c
linux: use new mount API in do_mount when available
giuseppe May 5, 2026
cbc40a1
linux: pre-open needed devices in parent for userns containers
giuseppe May 6, 2026
02961b1
linux: use fchmodat/fchownat in libcrun_create_dev
giuseppe May 6, 2026
5c66701
linux: change signature for open_mount_of_type
giuseppe May 8, 2026
ad7ea42
tests: check directory type instead of nlink for masked paths
giuseppe May 13, 2026
c902af3
linux: move pivot_root before container mounts
giuseppe May 11, 2026
a00c6bd
linux: add OPEN_TREE_NAMESPACE support
giuseppe May 7, 2026
876a55f
Revert "linux: add OPEN_TREE_NAMESPACE support"
giuseppe May 19, 2026
74 changes: 50 additions & 24 deletions src/libcrun/cgroup-utils.c
Expand Up @@ -210,35 +210,13 @@ libcrun_get_cgroup_mode (libcrun_error_t *err)
return cgroup_mode;
}

int
libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err)
static int
get_cgroup_process_from_content (char *content, int cgroup_mode, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
char proc_cgroup_file[64];
char *cg_path = NULL;
size_t content_size;
char *controller;
char *saveptr;
int cgroup_mode;
bool has_data;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

if (pid == 0)
strcpy (proc_cgroup_file, PROC_SELF_CGROUP);
else
{
int len = snprintf (proc_cgroup_file, sizeof (proc_cgroup_file), "/proc/%d/cgroup", pid);
if (UNLIKELY (len >= (int) sizeof (proc_cgroup_file)))
return crun_make_error (err, 0, "internal error: static buffer too small");
}

ret = read_all_file (proc_cgroup_file, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

for (has_data = read_proc_cgroup (content, &saveptr, NULL, &controller, &cg_path);
has_data;
Expand Down Expand Up @@ -266,6 +244,54 @@ libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error
return 0;
}

int
libcrun_get_cgroup_process_at (int dirfd, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
size_t content_size;
int cgroup_mode;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

ret = read_all_file_at (dirfd, SELF_CGROUP, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

return get_cgroup_process_from_content (content, cgroup_mode, path, absolute, err);
}

int
libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err)
{
cleanup_free char *content = NULL;
char proc_cgroup_file[64];
size_t content_size;
int cgroup_mode;
int ret;

cgroup_mode = libcrun_get_cgroup_mode (err);
if (UNLIKELY (cgroup_mode < 0))
return cgroup_mode;

if (pid == 0)
strcpy (proc_cgroup_file, PROC_SELF_CGROUP);
else
{
int len = snprintf (proc_cgroup_file, sizeof (proc_cgroup_file), "/proc/%d/cgroup", pid);
if (UNLIKELY (len >= (int) sizeof (proc_cgroup_file)))
return crun_make_error (err, 0, "internal error: static buffer too small");
}

ret = read_all_file (proc_cgroup_file, &content, &content_size, err);
if (UNLIKELY (ret < 0))
return ret;

return get_cgroup_process_from_content (content, cgroup_mode, path, absolute, err);
}

static int
read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_t *allocated, libcrun_error_t *err)
{
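Review bot: `libcrun_get_cgroup_process_at` reads `self/cgroup` relative to whatever `dirfd` the caller passes, and nothing on the definition or on its prototype in cgroup-utils.h says that `dirfd` must be a descriptor for a procfs root the runtime opened itself. Judging by the commit titles, the series exists to stop resolving `/proc` by path, so that contract is the security-relevant part and should be written down, e.g. `/* DIRFD must refer to a trusted procfs root opened by the runtime; the file read is DIRFD/self/cgroup. */`. Whether `read_all_file_at` refuses symlinks or verifies the filesystem type is not visible in this section and is worth confirming. `content_size` is filled in but never read in either wrapper, and `get_cgroup_process_from_content` takes a non-const `content` that `read_proc_cgroup` presumably tokenizes in place (it is handed `&saveptr`), which merits a one-line comment on the helper.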
2 changes: 2 additions & 0 deletions src/libcrun/cgroup-utils.h
Expand Up @@ -28,6 +28,8 @@ int libcrun_cgroups_create_symlinks (int dirfd, libcrun_error_t *err);

int libcrun_get_cgroup_process (pid_t pid, char **path, bool absolute, libcrun_error_t *err);

int libcrun_get_cgroup_process_at (int dirfd, char **path, bool absolute, libcrun_error_t *err);

int libcrun_get_cgroup_mode (libcrun_error_t *err);

int libcrun_get_cgroup_dirfd (struct libcrun_cgroup_status *status, const char *sub_cgroup, libcrun_error_t *err);
6 changes: 5 additions & 1 deletion src/libcrun/cgroup.h
Expand Up @@ -26,8 +26,12 @@
# define CGROUP_ROOT "/sys/fs/cgroup"
#endif

#ifndef SELF_CGROUP
# define SELF_CGROUP "self/cgroup"
#endif

#ifndef PROC_SELF_CGROUP
# define PROC_SELF_CGROUP "/proc/self/cgroup"
# define PROC_SELF_CGROUP "/proc/" SELF_CGROUP
#endif

enum
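Review bot: `SELF_CGROUP` and `PROC_SELF_CGROUP` each sit behind their own `#ifndef`, so a build that overrides only `PROC_SELF_CGROUP` leaves the dirfd-relative reader and the path-based reader pointing at different files. Either derive `PROC_SELF_CGROUP` from `SELF_CGROUP` unconditionally or add a comment such as `/* SELF_CGROUP and PROC_SELF_CGROUP must name the same file; override them together. */`. The value also feeds `strcpy (proc_cgroup_file, PROC_SELF_CGROUP)` into a 64-byte buffer in cgroup-utils.c, so a compile-time bound next to that buffer, `_Static_assert (sizeof (PROC_SELF_CGROUP) <= 64, "PROC_SELF_CGROUP too long");`, would keep an overridden value from overflowing it.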
21 changes: 9 additions & 12 deletions src/libcrun/container.c
Expand Up @@ -1339,11 +1339,6 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
if (UNLIKELY (ret < 0))
return ret;

/* sync 2 and 3 are sent as part of libcrun_set_mounts. */
ret = libcrun_set_mounts (entrypoint_args, container, rootfs, send_sync_cb, &sync_socket, err);
if (UNLIKELY (ret < 0))
return ret;

if (def->hooks && def->hooks->create_container_len)
{
libcrun_error_t tmp_err = NULL;
Expand All @@ -1357,6 +1352,15 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
return ret;
}

ret = libcrun_do_pivot_root (container, entrypoint_args->context->no_pivot, &rootfs, err);
if (UNLIKELY (ret < 0))
return ret;

/* sync 2 and 3 are sent as part of libcrun_set_mounts. */
ret = libcrun_set_mounts (entrypoint_args, container, rootfs, send_sync_cb, &sync_socket, err);
if (UNLIKELY (ret < 0))
return ret;

ret = libcrun_finalize_mounts (entrypoint_args, container, rootfs, err);
if (UNLIKELY (ret < 0))
return ret;
Expand All @@ -1376,13 +1380,6 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
if (UNLIKELY (ret < 0))
crun_error_write_warning_and_release (entrypoint_args->context->output_handler_arg, &err);

if (rootfs)
{
ret = libcrun_do_pivot_root (container, entrypoint_args->context->no_pivot, rootfs, err);
if (UNLIKELY (ret < 0))
return ret;
}

ret = libcrun_reopen_dev_null (err);
if (UNLIKELY (ret < 0))
return ret;
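Review bot: With `libcrun_set_mounts` now placed after what appears to be the `create_container` hooks block, those hooks run before any container mount exists, not only before pivot_root; the OCI runtime spec, as far as I recall, describes createContainer hooks as running after the mount namespace has been set up, so a hook that inspects or adds files under a configured mount would see a bare rootfs. If that ordering is intended, it deserves a comment above the hooks block, e.g. `/* createContainer hooks run before pivot_root and before the container mounts are created. */`, and a test with a hook that reads a mounted path. Separately, the old `if (rootfs)` guard is gone and `libcrun_do_pivot_root` now receives `&rootfs` unconditionally, so the callee has to cope with a NULL `*rootfs` itself; its body is not in this section, so that needs confirming there. `container_init_setup` starts and ends outside the displayed hunks.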