kata-types: Introduce a helper method to adjust rootfs mounts

This commit introduces the `adjust_rootfs_mounts` function to manage
root filesystem mounts for guest-pull scenarios.

When the force guest-pull mechanism is active, this function ensures that
the rootfs is exclusively configured via a dedicated `KataVirtualVolume`.
It disregards any provided input mounts, instead generating a single,
default `KataVirtualVolume`. This volume is then base64-encoded and set
as the sole mount option for a new, singular `Mount` entry, which is
returned as the only item in the `Vec<Mount>`.

This change guarantees consistent and exclusive rootfs configuration
when utilizing guest-pull for container images.

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>

src/libs/kata-types/src/mount.rs

@@ -512,6 +512,29 @@ pub fn split_bind_mounts(bindmount: &str) -> (&str, &str) {
     (real_path, mode)
 }
 
+/// This function, adjust_rootfs_mounts, manages the root filesystem mounts based on guest-pull mechanism.
+/// - the function disregards any provided rootfs_mounts.
+/// Instead, it forcefully creates a single, default KataVirtualVolume specifically for guest-pull operations.
+/// This volume's representation is then base64-encoded and added as the only option to a new, singular Mount entry,
+/// which becomes the sole item in the returned Vec<Mount>.
+/// This ensures that when guest pull is active, the root filesystem is exclusively configured via this virtual volume.
+pub fn adjust_rootfs_mounts() -> Result<Vec<Mount>> {
+    // We enforce a single, default KataVirtualVolume as the exclusive rootfs mount.
+    let volume = KataVirtualVolume::new(KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL.to_string());
+
+    // Convert the virtual volume to a base64 string for the mount option.
+    let b64_vol = volume
+        .to_base64()
+        .context("failed to base64 encode KataVirtualVolume")?;
+
+    // Create a new Vec<Mount> with a single Mount entry.
+    // This Mount's options will contain the base64-encoded virtual volume.
+    Ok(vec![Mount {
+        options: vec![format!("{}={}", "io.katacontainers.volume", b64_vol)],
+        ..Default::default() // Use default values for other Mount fields
+    }])
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -681,4 +704,36 @@ mod tests {
         );
         assert_eq!(volume.fs_type.as_str(), "rafsv6")
     }
+
+    #[test]
+    fn test_adjust_rootfs_mounts_basic_success() {
+        let result = adjust_rootfs_mounts();
+        assert!(result.is_ok());
+        let mounts = result.unwrap();
+
+        // 1. Mount length is 1
+        assert_eq!(mounts.len(), 1);
+        let returned_mount = &mounts[0];
+
+        // 2. Verify Mount's fields and ensure source, destination, typ with default value
+        let expected_default_mount = Mount::default();
+        assert_eq!(returned_mount.source, expected_default_mount.source);
+        assert_eq!(
+            returned_mount.destination,
+            expected_default_mount.destination
+        );
+        assert_eq!(returned_mount.fs_type, expected_default_mount.fs_type);
+
+        // 3. Mount's options
+        assert_eq!(returned_mount.options.len(), 1);
+        let option_str = &returned_mount.options[0];
+        assert!(option_str.starts_with("io.katacontainers.volume="));
+
+        let expected_volume_obj =
+            KataVirtualVolume::new(KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL.to_string());
+        let expected_b64_vol = expected_volume_obj.to_base64().unwrap();
+        let (_prefix, encoded_vol) = option_str.split_once("io.katacontainers.volume=").unwrap();
+
+        assert_eq!(encoded_vol, expected_b64_vol);
+    }
 }