rustjail: add more context info for errors

Fixes: #1214

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>

src/agent/rustjail/src/validator.rs

@@ -4,7 +4,7 @@
 //
 
 use crate::container::Config;
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, Context, Result};
 use nix::errno::Errno;
 use oci::{LinuxIDMapping, LinuxNamespace, Spec};
 use std::collections::HashMap;
@@ -57,7 +57,7 @@ fn rootfs(root: &str) -> Result<()> {
         cleaned.push(e);
     }
 
-    let canon = path.canonicalize()?;
+    let canon = path.canonicalize().context("canonicalize")?;
     if cleaned != canon {
         // There is symbolic in path
         return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
@@ -120,8 +120,8 @@ fn usernamespace(oci: &Spec) -> Result<()> {
         }
         // check if idmappings is correct, at least I saw idmaps
         // with zero size was passed to agent
-        idmapping(&linux.uid_mappings)?;
+        idmapping(&linux.uid_mappings).context("idmapping uid")?;
-        idmapping(&linux.gid_mappings)?;
+        idmapping(&linux.gid_mappings).context("idmapping gid")?;
     } else {
         // no user namespace but idmap
         if !linux.uid_mappings.is_empty() || !linux.gid_mappings.is_empty() {
@@ -162,14 +162,20 @@ fn check_host_ns(path: &str) -> Result<()> {
     let cpath = PathBuf::from(path);
     let hpath = PathBuf::from("/proc/self/ns/net");
 
-    let real_hpath = hpath.read_link()?;
+    let real_hpath = hpath
-    let meta = cpath.symlink_metadata()?;
+        .read_link()
+        .context(format!("read link {:?}", hpath))?;
+    let meta = cpath
+        .symlink_metadata()
+        .context(format!("symlink metadata {:?}", cpath))?;
     let file_type = meta.file_type();
 
     if !file_type.is_symlink() {
         return Ok(());
     }
-    let real_cpath = cpath.read_link()?;
+    let real_cpath = cpath
+        .read_link()
+        .context(format!("read link {:?}", cpath))?;
     if real_cpath == real_hpath {
         return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
     }
@@ -238,7 +244,10 @@ fn rootless_euid_mount(oci: &Spec) -> Result<()> {
                     return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
                 }
 
-                let id = fields[1].trim().parse::<u32>()?;
+                let id = fields[1]
+                    .trim()
+                    .parse::<u32>()
+                    .context(format!("parse field {}", &fields[1]))?;
 
                 if opt.starts_with("uid=") && !has_idmapping(&linux.uid_mappings, id) {
                     return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
@@ -254,8 +263,8 @@ fn rootless_euid_mount(oci: &Spec) -> Result<()> {
 }
 
 fn rootless_euid(oci: &Spec) -> Result<()> {
-    rootless_euid_mapping(oci)?;
+    rootless_euid_mapping(oci).context("rootless euid mapping")?;
-    rootless_euid_mount(oci)?;
+    rootless_euid_mount(oci).context("rotless euid mount")?;
     Ok(())
 }
 
@@ -272,16 +281,16 @@ pub fn validate(conf: &Config) -> Result<()> {
     }
     let root = oci.root.as_ref().unwrap().path.as_str();
 
-    rootfs(root)?;
+    rootfs(root).context("rootfs")?;
-    network(oci)?;
+    network(oci).context("network")?;
-    hostname(oci)?;
+    hostname(oci).context("hostname")?;
-    security(oci)?;
+    security(oci).context("security")?;
-    usernamespace(oci)?;
+    usernamespace(oci).context("usernamespace")?;
-    cgroupnamespace(oci)?;
+    cgroupnamespace(oci).context("cgroupnamespace")?;
-    sysctl(&oci)?;
+    sysctl(&oci).context("sysctl")?;
 
     if conf.rootless_euid {
-        rootless_euid(oci)?;
+        rootless_euid(oci).context("rootless euid")?;
     }
 
     Ok(())