From dc0783659798ee4e3911a29e8ac200e595e6605b Mon Sep 17 00:00:00 2001
From: zzzzzzzzzy9 <zhang.yu58@zte.com.cn>
Date: Thu, 30 May 2024 14:24:05 +0800
Subject: [PATCH] move unshare into chdir

---
 crates/shim/src/mount.rs | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/crates/shim/src/mount.rs b/crates/shim/src/mount.rs
index 6e3882be..76768eb8 100644
--- a/crates/shim/src/mount.rs
+++ b/crates/shim/src/mount.rs
@@ -24,7 +24,7 @@ use std::{
 };
 
 use lazy_static::lazy_static;
-use log::error;
+use log::{debug, error};
 #[cfg(target_os = "linux")]
 use nix::mount::{mount, MsFlags};
 #[cfg(target_os = "linux")]
@@ -532,6 +532,8 @@ pub fn mount_rootfs(
     target: impl AsRef<Path>,
 ) -> Result<()> {
     //TODO add helper to mount fuse
+    debug!("fs_type = {:?}, source = {:?}, options = {:?}, target = {:?}", fs_type, source, options, target.as_ref());
+
     let max_size = page_size::get();
     // NOTE: 512 id a buffer during pagesize check.
     let (chdir, options) =
@@ -562,8 +564,8 @@ pub fn mount_rootfs(
         None
     };
 
-    unshare(CloneFlags::CLONE_FS).unwrap();
     if let Some(workdir) = chdir {
+        unshare(CloneFlags::CLONE_FS).unwrap();
         env::set_current_dir(Path::new(&workdir)).unwrap_or_else(|_| {
             unsafe { libc::_exit(i32::from(MountExitCode::ChdirErr)) };
         });
@@ -723,4 +725,21 @@ mod tests {
             assert_eq!(options, expected_options);
         }
     }
+
+    #[test]
+    fn test_mount_rootfs() {
+        let fs_type = Some("overlay");
+        let source = Some("overlay");
+        let options = vec![
+            "index=off".to_string(),
+            "workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/751/work".to_string(),
+            "upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/751/fs".to_string(),
+            "lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/328/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/327/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/326/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/325/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/324/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/323/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/322/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/321/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/320/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/319/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/318/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/317/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/316/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/315/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/314/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/313/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/312/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/311/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/310/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/309/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/308/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/307/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/306/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/305/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/303/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/302/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/301/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/300/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/299/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/298/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/297/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/296/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/295/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/294/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/293/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/292/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/291/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/290/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/289/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/288/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/287/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/286/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/285/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/284/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/283/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/282/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/281/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/280/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/279/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/278/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/277/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/276/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/275/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/274/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/273/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/272/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/271/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/270/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/269/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/268/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/267/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/266/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/265/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/264/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/263/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/262/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/261/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/260/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/259/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/258/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/257/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/256/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/255/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/254/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/253/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/252/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/251/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/250/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/249/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/248/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/247/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/246/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/245/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/244/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/243/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/242/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/241/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/240/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/239/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/238/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/237/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/236/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/235/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/234/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/233/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/232/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/231/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/230/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/229/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/228/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/227/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/226/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/225/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/224/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/223/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/222/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/221/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/220/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/219/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/218/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/217/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/216/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/215/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/214/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/213/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/212/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/211/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/210/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/209/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/208/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/207/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/206/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/205/fs:/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/204/fs".to_string(),
+        ];
+        let target = std::path::PathBuf::from("/run/containerd/io.containerd.runtime.v2.task/k8s.io/55ecf3c3a83152a3fefea20fdd2b3aa0f77859bb55af145b778fefe4058dabde/rootfs");
+        let current_dir = env::current_dir().unwrap();
+        mount_rootfs(fs_type, source, &options, target).unwrap();
+        let current_dir_after_mount = env::current_dir().unwrap();
+        assert_eq!(current_dir, current_dir_after_mount);
+    }
 }