mount/linux: add a safe wrapper for open_tree(2)

This adds an ergonomic wrapper for the Linux-specific `open_tree(2)`
syscall, using safe-io file descriptors.
The syscall has been introduced in kernel version 5.2 and allows
FD-based manipulation of mount hierarchies.

Author: lucab

CHANGELOG.md

@@ -13,6 +13,8 @@ This project adheres to [Semantic Versioning](https://semver.org/).
   ([#1912](https://github.com/nix-rust/nix/pull/1912))
 - Added `mq_timedreceive` to `::nix::mqueue`.
   ([#1966])(https://github.com/nix-rust/nix/pull/1966)
+- Added `mount::open_tree()` helper on Linux.
+  ([#1958](https://github.com/nix-rust/nix/pull/1958))
 
 ### Changed
 

src/mount/linux.rs

@@ -1,6 +1,7 @@
+use std::os::unix::io::{AsFd, AsRawFd, FromRawFd, OwnedFd, RawFd};
 use crate::errno::Errno;
 use crate::{NixPath, Result};
-use libc::{self, c_int, c_ulong};
+use libc::{self, c_int, c_uint, c_ulong};
 
 libc_bitflags!(
     /// Used with [`mount`].
@@ -161,3 +162,36 @@ pub fn umount2<P: ?Sized + NixPath>(target: &P, flags: MntFlags) -> Result<()> {
 
     Errno::result(res).map(drop)
 }
+
+libc_bitflags!(
+    /// Flags for [`open_tree()`].
+    pub struct OpenTreeFlags: c_uint {
+        /// Directly query the mount attached to the file descriptor.
+        AT_EMPTY_PATH as c_uint;
+        /// Do not trigger an automount target.
+        AT_NO_AUTOMOUNT as c_uint;
+        /// When cloning, also clone nested mount subtrees.
+        AT_RECURSIVE as c_uint;
+        /// If target is a symbolic link, do not dereference it.
+        AT_SYMLINK_NOFOLLOW as c_uint;
+        /// Clone the mount object.
+        OPEN_TREE_CLONE as c_uint;
+        /// Set the close-on-exec flag for the returned file descriptor.
+        OPEN_TREE_CLOEXEC as c_uint;
+    }
+);
+
+/// Find the mount object for the target path, and return it as a file-descriptor.
+///
+/// The returned FD behaves in the same way as those opened via `O_PATH`.
+pub fn open_tree<Fd: AsFd, P: ?Sized + NixPath>(
+    dirfd: Option<Fd>,
+    pathname: &P,
+    flags: OpenTreeFlags,
+) -> Result<OwnedFd> {
+    let res = pathname.with_nix_path(|cstr| unsafe {
+        let fd = dirfd.map(|v| v.as_fd().as_raw_fd()).unwrap_or(-1);
+        libc::syscall(libc::SYS_open_tree, fd, cstr.as_ptr(), flags.bits())
+    })?;
+    Errno::result(res).map(|r| unsafe { OwnedFd::from_raw_fd(r as RawFd) })
+}

test/test_mount.rs

@@ -11,12 +11,13 @@ mod test_mount {
     use std::io::{self, Read, Write};
     use std::os::unix::fs::OpenOptionsExt;
     use std::os::unix::fs::PermissionsExt;
+    use std::os::unix::io::{IntoRawFd, OwnedFd};
     use std::process::{self, Command};
 
     use libc::{EACCES, EROFS};
 
     use nix::errno::Errno;
-    use nix::mount::{mount, umount, MsFlags};
+    use nix::mount::{mount, open_tree, umount, MsFlags, OpenTreeFlags};
     use nix::sched::{unshare, CloneFlags};
     use nix::sys::stat::{self, Mode};
     use nix::unistd::getuid;
@@ -203,6 +204,31 @@ exit 23";
         assert_eq!(buf, SCRIPT_CONTENTS);
     }
 
+    pub(crate) fn test_open_tree() {
+        let tempdir = tempfile::tempdir().unwrap();
+        let abs_path = tempdir.path();
+        let res = open_tree(
+            Option::<OwnedFd>::None,
+            abs_path,
+            OpenTreeFlags::empty(),
+        );
+        let mount_fd = match res {
+            Ok(fd) => fd,
+            Err(e) if e == Errno::ENOSYS => {
+                let stderr = io::stderr();
+                let mut handle = stderr.lock();
+                writeln!(
+                    handle,
+                    "Detected kernel without `open_tree` syscall, skipping test."
+                )
+                .unwrap();
+                return;
+            }
+            Err(e) => panic!("{}", e),
+        };
+        nix::unistd::close(mount_fd.into_raw_fd()).unwrap()
+    }
+
     pub fn setup_namespaces() {
         // Hold on to the uid in the parent namespace.
         let uid = getuid();
@@ -250,12 +276,13 @@ fn main() {
     use test_mount::{
         setup_namespaces, test_mount_bind, test_mount_noexec_disallows_exec,
         test_mount_rdonly_disallows_write,
-        test_mount_tmpfs_without_flags_allows_rwx,
+        test_mount_tmpfs_without_flags_allows_rwx, test_open_tree,
     };
     skip_if_cirrus!("Fails for an unknown reason Cirrus CI.  Bug #1351");
     setup_namespaces();
 
     run_tests!(
+        test_open_tree,
         test_mount_tmpfs_without_flags_allows_rwx,
         test_mount_rdonly_disallows_write,
         test_mount_noexec_disallows_exec,