From 84f8428fc8812ac433b71a4075aec7e6924d4f64 Mon Sep 17 00:00:00 2001
From: Boris Popovschi
Date: Fri, 27 Dec 2019 16:43:47 +0200
Subject: [PATCH] Switch from mount(8) to mount(2) syscall
Signed-off-by: Boris Popovschi
---
 pkg/child/child.go | 34 ++++++++++++++--------------------
 1 file changed, 14 insertions(+), 20 deletions(-)
diff --git a/pkg/child/child.go b/pkg/child/child.go
index 53232be4..5bc829d5 100644
--- a/pkg/child/child.go
+++ b/pkg/child/child.go
@@ -43,39 +43,33 @@ func mountSysfs() error {
 return errors.Wrap(err, "creating a directory under /tmp")
 }
 defer os.RemoveAll(tmp)
- cmds := [][]string{{"mount", "--rbind", "/sys/fs/cgroup", tmp}}
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return errors.Wrapf(err, "executing %v", cmds)
+ cgroupDir := "/sys/fs/cgroup"
+ if err := unix.Mount(cgroupDir, tmp, "", uintptr(unix.MS_BIND|unix.MS_REC), ""); err != nil {
+ return errors.Wrapf(err, "failed to create bind mount on %s", cgroupDir)
 }
- cmds = [][]string{{"mount", "-t", "sysfs", "none", "/sys"}}
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
+
+ if err := unix.Mount("", "/sys", "sysfs", 0, ""); err != nil {
 // when the sysfs in the parent namespace is RO,
 // we can't mount RW sysfs even in the child namespace.
 // https://github.com/rootless-containers/rootlesskit/pull/23#issuecomment-429292632
 // https://github.com/torvalds/linux/blob/9f203e2f2f065cd74553e6474f0ae3675f39fb0f/fs/namespace.c#L3326-L3328
- cmdsRo := [][]string{{"mount", "-t", "sysfs", "-o", "ro", "none", "/sys"}}
- logrus.Warnf("failed to mount sysfs (%v), falling back to read-only mount (%v): %v",
- cmds, cmdsRo, err)
- if err := common.Execs(os.Stderr, os.Environ(), cmdsRo); err != nil {
+ logrus.Warnf("failed to mount sysfs, falling back to read-only mount: %v", err)
+ if err := unix.Mount("", "/sys", "sysfs", uintptr(unix.MS_RDONLY), ""); err != nil {
 // when /sys/firmware is masked, even RO sysfs can't be mounted
- logrus.Warnf("failed to mount sysfs (%v): %v", cmdsRo, err)
+ logrus.Warnf("failed to mount sysfs: %v", err)
 }
 }
- cmds = [][]string{{"mount", "-n", "--move", tmp, "/sys/fs/cgroup"}}
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return errors.Wrapf(err, "executing %v", cmds)
+ if err := unix.Mount(tmp, cgroupDir, "", uintptr(unix.MS_MOVE), ""); err != nil {
+ return errors.Wrapf(err, "failed to move mount point from %s to %s", tmp, cgroupDir)
 }
 return nil
 }
 
 func mountProcfs() error {
- cmds := [][]string{{"mount", "-t", "proc", "none", "/proc"}}
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- cmdsRo := [][]string{{"mount", "-t", "proc", "-o", "ro", "none", "/proc"}}
- logrus.Warnf("failed to mount procfs (%v), falling back to read-only mount (%v): %v",
- cmds, cmdsRo, err)
- if err := common.Execs(os.Stderr, os.Environ(), cmdsRo); err != nil {
- logrus.Warnf("failed to mount procfs (%v): %v", cmdsRo, err)
+ if err := unix.Mount("", "/proc", "proc", 0, ""); err != nil {
+ logrus.Warnf("failed to mount procfs, falling back to read-only mount: %v", err)
+ if err := unix.Mount("", "/proc", "proc", uintptr(unix.MS_RDONLY), ""); err != nil {
+ logrus.Warnf("failed to mount procfs: %v", err)
 }
 }
 return nil
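Review bot: The four sysfs and procfs calls pass `""` as the mount source where the removed mount(8) commands passed `none`, so the switch is not quite behaviour-preserving. As far as I know, mount(2) records an empty but non-NULL source verbatim, which leaves an empty source field in /proc/self/mountinfo and can trip tools that split those lines on whitespace. Keeping the old value avoids that: `unix.Mount("none", "/sys", "sysfs", 0, "")` and `unix.Mount("none", "/proc", "proc", 0, "")`, and likewise for the two `unix.MS_RDONLY` fallbacks. Separately, the first wrap message names `cgroupDir` as where the bind mount is created, but the target is `tmp`; `"bind-mounting %s on %s", cgroupDir, tmp` would be accurate. mountSysfs begins above the hunk and mountProcfs's closing brace falls below it.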