linux: fix mount of file with recursive flags

do not assume it is a directory, but check the source type. Closes: containers#1421 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe · Feb 26, 2024 · 5884fd4 · 5884fd4
1 parent b9e87e7
commit 5884fd4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c
@@ -2273,9 +2273,10 @@ do_mounts (libcrun_container_t *container, int rootfsfd, const char *rootfs, con
 
       if (rec_clear || rec_set)
         {
+          const bool is_dir = S_ISDIR (src_mode);
           cleanup_close int dfd = -1;
 
-          dfd = safe_openat (rootfsfd, rootfs, rootfs_len, target, O_CLOEXEC | O_DIRECTORY, 0, err);
+          dfd = safe_openat (rootfsfd, rootfs, rootfs_len, target, O_CLOEXEC | (is_dir ? O_DIRECTORY : 0), 0, err);
           if (UNLIKELY (dfd < 0))
             return crun_make_error (err, errno, "open mount target `/%s`", target);
 

diff --git a/tests/test_mounts.py b/tests/test_mounts.py
@@ -216,6 +216,19 @@ def test_mount_ro():
             return -1
     return 0
 
+def test_mount_rro():
+    for userns in [True, False]:
+        a = helper_mount("rro", userns=userns, is_file=True)[0]
+        if "ro" not in a:
+            return -1
+        a = helper_mount("rro", userns=userns)[0]
+        if "ro" not in a:
+            return -1
+        a = helper_mount("rro", userns=userns, tmpfs=False)[0]
+        if "ro" not in a:
+            return -1
+    return 0
+
 def test_mount_rw():
     for userns in [True, False]:
         a = helper_mount("rw", tmpfs=False, userns=userns)[0]
@@ -551,6 +564,7 @@ def test_cgroup_mount_without_netns():
 
 all_tests = {
     "mount-ro" : test_mount_ro,
+    "mount-rro" : test_mount_rro,
     "mount-rw" : test_mount_rw,
     "mount-relatime" : test_mount_relatime,
     "mount-strictatime" : test_mount_strictatime,