install: Fix broken warn_on_host_root check

The `warn_on_host_root` check was broken when we added support for installing on already-ostree systems. See containers#907 The solution is to use the original user provided root_path for the fd passed to warn_on_host_root, rather than the modified one, as that will always match /proc/0/root's fsid (in ostree systems systemd is running with the deployment root as its root, and this is what we have mounted as /:/target) Signed-off-by: Omer Tuchfeld <[email protected]>
omertuc · Nov 19, 2024 · daddb84 · daddb84
1 parent 3604dbb
commit daddb84
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/lib/src/install.rs b/lib/src/install.rs
@@ -1653,11 +1653,15 @@ pub(crate) async fn install_to_filesystem(
     // the deployment root.
     let possible_physical_root = fsopts.root_path.join("sysroot");
     let possible_ostree_dir = possible_physical_root.join("ostree");
-    if possible_ostree_dir.exists() {
+    let original_root_path = if possible_ostree_dir.exists() {
         tracing::debug!(
             "ostree detected in {possible_ostree_dir}, assuming target is a deployment root and using {possible_physical_root}"
         );
+        let original = fsopts.root_path.clone();
         fsopts.root_path = possible_physical_root;
+        original
+    } else {
+        fsopts.root_path.clone()
     };
 
     // Get a file descriptor for the root path
@@ -1683,7 +1687,10 @@ pub(crate) async fn install_to_filesystem(
 
     // Check to see if this happens to be the real host root
     if !fsopts.acknowledge_destructive {
-        warn_on_host_root(&rootfs_fd)?;
+        let original_rootfs_fd =
+            Dir::open_ambient_dir(&original_root_path, cap_std::ambient_authority())
+                .with_context(|| format!("Opening target root directory {original_root_path}"))?;
+        warn_on_host_root(&original_rootfs_fd)?;
     }
 
     match fsopts.replace {