Fallback scenario for mount_setattr

AlexeyPerevalov · AlexeyPerevalov · commit c1a18c3e7c1b · 2022-03-17T14:41:34.000Z
Based on kernel version, but it possible to implement it
on checking syscall existence.

Signed-off-by: Alexey Perevalov &lt;alexey.perevalov@huawei.com&gt;
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -378,6 +378,52 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) {
 	})
 }
 
+// TODO move it to appropriate place
+func getVersion(release [65]int8) (major int, middle int, err error) {
+	buf := make([]byte, 0, len(release))
+
+	for _, v := range release {
+		if v == 0x00 {
+			break
+		}
+
+		if major == 0 && v == '.' {
+			major, err = strconv.Atoi(string(buf))
+			if err != nil {
+				return 0, 0, err
+			}
+			buf = make([]byte, 0, len(release))
+			continue
+		}
+		if major != 0 && v == '.' {
+			middle, err = strconv.Atoi(string(buf))
+			if err != nil {
+				return 0, 0, err
+			}
+			return major, middle, nil
+		}
+		buf = append(buf, byte(v))
+	}
+	return 0, 0, fmt.Errorf("Can't parse uname")
+}
+
+func properVersionForIDMapMounts() bool {
+	var uname syscall.Utsname
+	if err := syscall.Uname(&uname); err != nil {
+		logrus.Errorf("Uname failed: %d", err)
+		return false
+	}
+
+	major, middle, err := getVersion(uname.Release)
+
+	if err != nil {
+		logrus.Errorf("getVersion failed: %d", err)
+		return false
+	}
+
+	return major >= 5 && middle >= 16
+}
+
 func mountToRootfs(m *configs.Mount, c *mountConfig) error {
 	rootfs := c.root
 	mountLabel := c.label
@@ -446,18 +492,24 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error {
 			return err
 		}
 
-		treeFd, err := openTree(-int(unix.EBADF), m.Source, uint(OPEN_TREE_CLONE|OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE))
-		if err != nil || treeFd < 0 {
-			return err
-		}
+		if properVersionForIDMapMounts() {
+			treeFd, err := openTree(-int(unix.EBADF), m.Source, uint(OPEN_TREE_CLONE|OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE))
+			if err != nil || treeFd < 0 {
+				return err
+			}
 
-		err = moveMount(treeFd, "", AT_FDCWD, dest, MOVE_MOUNT_F_EMPTY_PATH)
-		if err != nil {
-			return err
-		}
+			err = moveMount(treeFd, "", AT_FDCWD, dest, MOVE_MOUNT_F_EMPTY_PATH)
+			if err != nil {
+				return err
+			}
 
-		if err := mountIDMapMapped(m, treeFd); err != nil {
-			return err
+			if err := mountIDMapMapped(m, treeFd); err != nil {
+				return err
+			}
+		} else {
+			if err := mountPropagate(m, rootfs, mountLabel, mountFd); err != nil {
+				return err
+			}
 		}
 
 		// bind mount won't change mount options, we need remount to make mount options effective.
