From 57f31c68dca758a94fc9ebd22e286bc5b7196c07 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 27 Jul 2023 14:10:08 +0200 Subject: [PATCH] libct/nsenter: Show better errors for idmap mounts While testing this with old kernel versions and kernels that don't support idmap mounts for some of the filesystems used by a container, I realized we can throw a more clear errors. Let's make it clear which syscall we are using, when it is not supported and when if the fs doesn't support idmap mounts, which path it is. Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 6297276f8b2..22b6ea1cd21 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -699,10 +699,14 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT); if (fd_tree < 0) { sane_kill(pid, SIGKILL); - if (errno == EINVAL) - bail("failed to use open_tree(2) with path: %s, the kernel doesn't supports ID-mapped mounts", idmap_src); - else - bail("failed to use open_tree(2) with path: %s", idmap_src); + if (errno == ENOSYS) { + bail("open_tree(2) failed, the kernel doesn't support ID-mapped mounts"); + } else if (errno == EINVAL) { + bail("open_tree(2) failed with path: %s, the kernel doesn't support ID-mapped mounts", + idmap_src); + } else { + bail("open_tree(2) failed with path: %s", idmap_src); + } } struct mount_attr attr = { @@ -713,10 +717,12 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len ret = sys_mount_setattr(fd_tree, "", AT_EMPTY_PATH, &attr, sizeof(attr)); if (ret < 0) { sane_kill(pid, SIGKILL); - if (errno == EINVAL) - bail("failed to change mount attributes, maybe the filesystem doesn't supports ID-mapped mounts"); + if (errno == ENOSYS) + bail("mount_setattr(2) failed, the kernel doesn't support ID-mapped mounts"); + else if (errno == EINVAL) + bail("mount_setattr(2) failed with path: %s, maybe the filesystem doesn't support ID-mapped mounts", idmap_src); else - bail("failed to change mount attributes"); + bail("mount_setattr(2) failed with path: %s", idmap_src); } write_log(DEBUG, "~> sending idmap source: %s with mapping from: %s", idmap_src, proc_user_path);