libct/nsenter: Show better errors for idmap mounts

While testing this with old kernel versions and kernels that don't support idmap mounts for some of the filesystems used by a container, I realized we can throw a more clear errors. Let's make it clear which syscall we are using, when it is not supported and when if the fs doesn't support idmap mounts, which path it is. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
opencontainers · Jul 31, 2023 · 57f31c6 · 57f31c6
1 parent a5777e8
commit 57f31c6
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
@@ -699,10 +699,14 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len
 					    AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT);
 		if (fd_tree < 0) {
 			sane_kill(pid, SIGKILL);
-			if (errno == EINVAL)
-				bail("failed to use open_tree(2) with path: %s, the kernel doesn't supports ID-mapped mounts", idmap_src);
-			else
-				bail("failed to use open_tree(2) with path: %s", idmap_src);
+			if (errno == ENOSYS) {
+				bail("open_tree(2) failed, the kernel doesn't support ID-mapped mounts");
+			} else if (errno == EINVAL) {
+				bail("open_tree(2) failed with path: %s, the kernel doesn't support ID-mapped mounts",
+				     idmap_src);
+			} else {
+				bail("open_tree(2) failed with path: %s", idmap_src);
+			}
 		}
 
 		struct mount_attr attr = {
@@ -713,10 +717,12 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len
 		ret = sys_mount_setattr(fd_tree, "", AT_EMPTY_PATH, &attr, sizeof(attr));
 		if (ret < 0) {
 			sane_kill(pid, SIGKILL);
-			if (errno == EINVAL)
-				bail("failed to change mount attributes, maybe the filesystem doesn't supports ID-mapped mounts");
+			if (errno == ENOSYS)
+				bail("mount_setattr(2) failed, the kernel doesn't support ID-mapped mounts");
+			else if (errno == EINVAL)
+				bail("mount_setattr(2) failed with path: %s, maybe the filesystem doesn't support ID-mapped mounts", idmap_src);
 			else
-				bail("failed to change mount attributes");
+				bail("mount_setattr(2) failed with path: %s", idmap_src);
 		}
 
 		write_log(DEBUG, "~> sending idmap source: %s with mapping from: %s", idmap_src, proc_user_path);