diff --git a/pkg/child/hosts.go b/pkg/child/hosts.go
index 4f739102..ce12cd5c 100644
--- a/pkg/child/hosts.go
+++ b/pkg/child/hosts.go
@@ -6,9 +6,9 @@ import (
 "os"
 "path/filepath"
- "github.com/pkg/errors"
+ "golang.org/x/sys/unix"
- "github.com/rootless-containers/rootlesskit/pkg/common"
+ "github.com/pkg/errors"
 )
 // generateEtcHosts makes sure the current hostname is resolved into
@@ -56,11 +56,9 @@ func mountEtcHosts(tempDir string) error {
 if err := ioutil.WriteFile(myEtcHosts, newEtcHosts, 0644); err != nil {
 return errors.Wrapf(err, "writing %s", myEtcHosts)
 }
- cmds := [][]string{
- {"mount", "--bind", myEtcHosts, "/etc/hosts"},
- }
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return errors.Wrapf(err, "executing %v", cmds)
+
+ if err := unix.Mount(myEtcHosts, "/etc/hosts", "", uintptr(unix.MS_BIND), ""); err != nil {
+ return errors.Wrapf(err, "failed to create bind mount /etc/hosts for %s", myEtcHosts)
 }
 return nil
 }
diff --git a/pkg/child/resolvconf.go b/pkg/child/resolvconf.go
index 56cc7092..6b88047c 100644
--- a/pkg/child/resolvconf.go
+++ b/pkg/child/resolvconf.go
@@ -1,13 +1,12 @@
 package child
 import (
+ "golang.org/x/sys/unix"
 "io/ioutil"
 "os"
 "path/filepath"
 "github.com/pkg/errors"
-
- "github.com/rootless-containers/rootlesskit/pkg/common"
 )
 func generateResolvConf(dns string) []byte {
@@ -36,11 +35,9 @@ func mountResolvConf(tempDir, dns string) error {
 if err := ioutil.WriteFile(myResolvConf, generateResolvConf(dns), 0644); err != nil {
 return errors.Wrapf(err, "writing %s", myResolvConf)
 }
- cmds := [][]string{
- {"mount", "--bind", myResolvConf, "/etc/resolv.conf"},
- }
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return errors.Wrapf(err, "executing %v", cmds)
+
+ if err := unix.Mount(myResolvConf, "/etc/resolv.conf", "", uintptr(unix.MS_BIND), ""); err != nil {
+ return errors.Wrapf(err, "failed to create bind mount /etc/resolv.conf for %s", myResolvConf)
 }
 return nil
 }
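Review bot: The new wrap text in mountEtcHosts, `"failed to create bind mount /etc/hosts for %s"`, departs from the message style of the line just above it (`"writing %s"`), which names the action and lets the wrapped error carry the failure; the new messages in mountResolvConf and in CopyUp (tmpfssymlink.go) have the same problem. I would write `return errors.Wrapf(err, "bind-mounting %s on /etc/hosts", myEtcHosts)` so the chained message also states source and target in mount order. A plain `MS_BIND` with no `MS_REMOUNT|MS_RDONLY` follow-up leaves the target as writable as the source mount; if that is intended, a one-line comment saying so above the call would help the next reader.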
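Review bot: `"golang.org/x/sys/unix"` is added at the head of the standard-library import group in resolvconf.go, while hosts.go and tmpfssymlink.go in this same commit place it in a separate group after the stdlib imports. Moving it down next to `"github.com/pkg/errors"` keeps the stdlib/third-party grouping and makes the three files consistent.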
diff --git a/pkg/copyup/tmpfssymlink/tmpfssymlink.go b/pkg/copyup/tmpfssymlink/tmpfssymlink.go
index f4bd4958..35c006e3 100644
--- a/pkg/copyup/tmpfssymlink/tmpfssymlink.go
+++ b/pkg/copyup/tmpfssymlink/tmpfssymlink.go
@@ -5,9 +5,10 @@ import (
 "os"
 "path/filepath"
+ "golang.org/x/sys/unix"
+
 "github.com/pkg/errors"
- "github.com/rootless-containers/rootlesskit/pkg/common"
 "github.com/rootless-containers/rootlesskit/pkg/copyup"
 )
@@ -33,24 +34,23 @@ func (d *childDriver) CopyUp(dirs []string) ([]string, error) {
 // TODO: we can support copy-up /tmp by changing bind0TempDir
 return copied, errors.New("/tmp cannot be copied up")
 }
- cmds := [][]string{
- // TODO: read-only bind (does not work well for /run)
- {"mount", "--rbind", d, bind0},
- {"mount", "-n", "-t", "tmpfs", "none", d},
+
+ if err := unix.Mount(d, bind0, "", uintptr(unix.MS_BIND|unix.MS_REC), ""); err != nil {
+ return copied, errors.Wrapf(err, "failed to create bind mount on %s", d)
 }
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return copied, errors.Wrapf(err, "executing %v", cmds)
+
+ if err := unix.Mount("none", d, "tmpfs", 0, ""); err != nil {
+ return copied, errors.Wrapf(err, "failed to mount tmpfs on %s", d)
 }
+
 bind1, err := ioutil.TempDir(d, ".ro")
 if err != nil {
 return copied, errors.Wrapf(err, "creating a directory under %s", d)
 }
- cmds = [][]string{
- {"mount", "-n", "--move", bind0, bind1},
- }
- if err := common.Execs(os.Stderr, os.Environ(), cmds); err != nil {
- return copied, errors.Wrapf(err, "executing %v", cmds)
+ if err := unix.Mount(bind0, bind1, "", uintptr(unix.MS_MOVE), ""); err != nil {
+ return copied, errors.Wrapf(err, "failed to move mount point from %s to %s", bind0, bind1)
 }
+
 files, err := ioutil.ReadDir(bind1)
 if err != nil {
 return copied, errors.Wrapf(err, "reading dir %s", bind1)
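Review bot: `unix.Mount("none", d, "tmpfs", 0, "")` in CopyUp passes no flags and an empty data string, so the tmpfs that replaces `d` takes the kernel defaults, including a 1777 root directory. For a directory standing in for something like /run that is likely looser than the original; unless a caller depends on it, I would pass the mode explicitly, e.g. `unix.Mount("none", d, "tmpfs", 0, "mode=0755")`, or derive it from an `os.Stat(d)` taken before the mount. The removed `// TODO: read-only bind (does not work well for /run)` also has no counterpart in the new code, although bind1 is still created with the `.ro` prefix and no read-only remount is visible in this hunk; I would keep that comment above the `MS_BIND|MS_REC` call. CopyUp starts and ends outside the hunk, so this rests on the visible lines only.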