bwrap: Add a selftest

I want a better error message if the user happens to execute inside e.g. a Docker container without sufficient privileges for recursive containerization. Closes: #429 Approved by: jlebon
2016-08-12 16:53:49 -04:00 · 2016-08-12 16:53:49 -04:00 · 7455e26273
commit 7455e26273
parent 551e4c91f9
3 changed files with 37 additions and 0 deletions
--- a/src/app/rpmostree-compose-builtin-tree.c
+++ b/src/app/rpmostree-compose-builtin-tree.c
@ -31,6 +31,7 @@

 #include "rpmostree-compose-builtins.h"
 #include "rpmostree-util.h"
+#include "rpmostree-bwrap.h"
 #include "rpmostree-core.h"
 #include "rpmostree-json-parsing.h"
 #include "rpmostree-postprocess.h"
@ -629,6 +630,11 @@ rpmostree_compose_builtin_tree (int             argc,
                   "compose tree must presently be run as uid 0 (root)");
      goto out;
    }
+  /* Test whether or not bwrap is going to work - we will fail inside e.g. a Docker
+   * container without --privileged or userns exposed.
+   */
+  if (!rpmostree_bwrap_selftest (error))
+    goto out;

  repo_path = g_file_new_for_path (opt_repo);
  repo = self->repo = ostree_repo_new (repo_path);
--- a/src/libpriv/rpmostree-bwrap.c
+++ b/src/libpriv/rpmostree-bwrap.c
@ -107,3 +107,32 @@ rpmostree_run_sync_fchdir_setup (char **argv_array, GSpawnFlags flags,

  return TRUE;
 }
+
+/* Execute /bin/true inside a bwrap container on the host */
+gboolean
+rpmostree_bwrap_selftest (GError **error)
+{
+  glnx_fd_close int host_root_dfd = -1;
+  g_autoptr(GPtrArray) bwrap_argv = NULL;
+
+  if (!glnx_opendirat (AT_FDCWD, "/", TRUE, &host_root_dfd, error))
+    return FALSE;
+
+  bwrap_argv = rpmostree_bwrap_base_argv_new_for_rootfs (host_root_dfd, error);
+  if (!bwrap_argv)
+    return FALSE;
+
+  rpmostree_ptrarray_append_strdup (bwrap_argv,
+                                    "--ro-bind", "usr", "/usr",
+                                    NULL);
+  g_ptr_array_add (bwrap_argv, g_strdup ("true"));
+  g_ptr_array_add (bwrap_argv, NULL);
+  if (!rpmostree_run_sync_fchdir_setup ((char**)bwrap_argv->pdata, G_SPAWN_SEARCH_PATH,
+                                        host_root_dfd, error))
+    {
+      g_prefix_error (error, "bwrap test failed, see https://github.com/projectatomic/rpm-ostree/pull/429: ");
+      return FALSE;
+    }
+
+  return TRUE;
+}
--- a/src/libpriv/rpmostree-bwrap.h
+++ b/src/libpriv/rpmostree-bwrap.h
@ -30,3 +30,5 @@ void rpmostree_ptrarray_append_strdup (GPtrArray *argv_array, ...) G_GNUC_NULL_T

 gboolean rpmostree_run_sync_fchdir_setup (char **argv_array, GSpawnFlags flags,
                                          int rootfs_fd, GError **error);
+
+gboolean rpmostree_bwrap_selftest (GError **error);