From 21570751400c731f217a661fcba325bc1c94f079 Mon Sep 17 00:00:00 2001 From: "alex.lyn" Date: Sun, 1 Jun 2025 22:28:56 +0800 Subject: [PATCH] kata-types: Introduce a helper method to adjust rootfs mounts This commit introduces the `adjust_rootfs_mounts` function to manage root filesystem mounts for guest-pull scenarios. When the force guest-pull mechanism is active, this function ensures that the rootfs is exclusively configured via a dedicated `KataVirtualVolume`. It disregards any provided input mounts, instead generating a single, default `KataVirtualVolume`. This volume is then base64-encoded and set as the sole mount option for a new, singular `Mount` entry, which is returned as the only item in the `Vec`. This change guarantees consistent and exclusive rootfs configuration when utilizing guest-pull for container images. Signed-off-by: alex.lyn --- src/libs/kata-types/src/mount.rs | 55 ++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/src/libs/kata-types/src/mount.rs b/src/libs/kata-types/src/mount.rs index 848bde6355..629a1ee3b5 100644 --- a/src/libs/kata-types/src/mount.rs +++ b/src/libs/kata-types/src/mount.rs @@ -512,6 +512,29 @@ pub fn split_bind_mounts(bindmount: &str) -> (&str, &str) { (real_path, mode) } +/// This function, adjust_rootfs_mounts, manages the root filesystem mounts based on guest-pull mechanism. +/// - the function disregards any provided rootfs_mounts. +/// Instead, it forcefully creates a single, default KataVirtualVolume specifically for guest-pull operations. +/// This volume's representation is then base64-encoded and added as the only option to a new, singular Mount entry, +/// which becomes the sole item in the returned Vec. +/// This ensures that when guest pull is active, the root filesystem is exclusively configured via this virtual volume. +pub fn adjust_rootfs_mounts() -> Result> { + // We enforce a single, default KataVirtualVolume as the exclusive rootfs mount. + let volume = KataVirtualVolume::new(KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL.to_string()); + + // Convert the virtual volume to a base64 string for the mount option. + let b64_vol = volume + .to_base64() + .context("failed to base64 encode KataVirtualVolume")?; + + // Create a new Vec with a single Mount entry. + // This Mount's options will contain the base64-encoded virtual volume. + Ok(vec![Mount { + options: vec![format!("{}={}", "io.katacontainers.volume", b64_vol)], + ..Default::default() // Use default values for other Mount fields + }]) +} + #[cfg(test)] mod tests { use super::*; @@ -681,4 +704,36 @@ mod tests { ); assert_eq!(volume.fs_type.as_str(), "rafsv6") } + + #[test] + fn test_adjust_rootfs_mounts_basic_success() { + let result = adjust_rootfs_mounts(); + assert!(result.is_ok()); + let mounts = result.unwrap(); + + // 1. Mount length is 1 + assert_eq!(mounts.len(), 1); + let returned_mount = &mounts[0]; + + // 2. Verify Mount's fields and ensure source, destination, typ with default value + let expected_default_mount = Mount::default(); + assert_eq!(returned_mount.source, expected_default_mount.source); + assert_eq!( + returned_mount.destination, + expected_default_mount.destination + ); + assert_eq!(returned_mount.fs_type, expected_default_mount.fs_type); + + // 3. Mount's options + assert_eq!(returned_mount.options.len(), 1); + let option_str = &returned_mount.options[0]; + assert!(option_str.starts_with("io.katacontainers.volume=")); + + let expected_volume_obj = + KataVirtualVolume::new(KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL.to_string()); + let expected_b64_vol = expected_volume_obj.to_base64().unwrap(); + let (_prefix, encoded_vol) = option_str.split_once("io.katacontainers.volume=").unwrap(); + + assert_eq!(encoded_vol, expected_b64_vol); + } }