From eab7e6779f41d318f720755aa379d68440d1ba7a Mon Sep 17 00:00:00 2001
From: Laitron
Date: Fri, 20 Jan 2023 16:27:22 +0800
Subject: [PATCH] [Refactor] Move withBindMountHostProcfs from cmd to pkg/containerutil

Signed-off-by: Laitron
---
 cmd/nerdctl/run.go | 33 ++---------------------------
 cmd/nerdctl/run_linux.go | 3 ++-
 pkg/containerutil/containerutil.go | 34 ++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/cmd/nerdctl/run.go b/cmd/nerdctl/run.go
index 5d9029fe952..aed79cab273 100644
--- a/cmd/nerdctl/run.go
+++ b/cmd/nerdctl/run.go
@@ -43,6 +43,7 @@ import (
 "github.com/containerd/nerdctl/pkg/clientutil"
 "github.com/containerd/nerdctl/pkg/cmd/container"
 "github.com/containerd/nerdctl/pkg/cmd/image"
+ "github.com/containerd/nerdctl/pkg/containerutil"
 "github.com/containerd/nerdctl/pkg/defaults"
 "github.com/containerd/nerdctl/pkg/errutil"
 "github.com/containerd/nerdctl/pkg/idgen"
@@ -922,36 +923,6 @@ func withBindMountHostIPC(_ context.Context, _ oci.Client, _ *containers.Contain
 return nil
 }
-// withBindMountHostProcfs replaces procfs mount with rbind.
-// Required for --pid=host on rootless.
-//
-// https://github.com/moby/moby/pull/41893/files
-// https://github.com/containers/podman/blob/v3.0.0-rc1/pkg/specgen/generate/oci.go#L248-L257
-func withBindMountHostProcfs(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
- for i, m := range s.Mounts {
- if path.Clean(m.Destination) == "/proc" {
- newM := specs.Mount{
- Destination: "/proc",
- Type: "bind",
- Source: "/proc",
- Options: []string{"rbind", "nosuid", "noexec", "nodev"},
- }
- s.Mounts[i] = newM
- }
- }
-
- // Remove ReadonlyPaths for /proc/*
- newROP := s.Linux.ReadonlyPaths[:0]
- for _, x := range s.Linux.ReadonlyPaths {
- x = path.Clean(x)
- if !strings.HasPrefix(x, "/proc/") {
- newROP = append(newROP, x)
- }
- }
- s.Linux.ReadonlyPaths = newROP
- return nil
-}
-
 func generateLogURI(dataStore string) (*url.URL, error) {
 selfExe, err := os.Executable()
 if err != nil {
@@ -1296,7 +1267,7 @@ func generateSharingPIDOpts(ctx context.Context, targetCon containerd.Container)
 if isHost {
 opts = append(opts, oci.WithHostNamespace(specs.PIDNamespace))
 if rootlessutil.IsRootless() {
- opts = append(opts, withBindMountHostProcfs)
+ opts = append(opts, containerutil.WithBindMountHostProcfs)
 }
 } else {
 ns := specs.LinuxNamespace{
diff --git a/cmd/nerdctl/run_linux.go b/cmd/nerdctl/run_linux.go
index 60d0148e2e7..213621e8d84 100644
--- a/cmd/nerdctl/run_linux.go
+++ b/cmd/nerdctl/run_linux.go
@@ -28,6 +28,7 @@ import (
 "github.com/containerd/containerd/pkg/userns"
 "github.com/containerd/nerdctl/pkg/api/types"
 "github.com/containerd/nerdctl/pkg/bypass4netnsutil"
+ "github.com/containerd/nerdctl/pkg/containerutil"
 "github.com/containerd/nerdctl/pkg/idutil/containerwalker"
 "github.com/containerd/nerdctl/pkg/rootlessutil"
 "github.com/containerd/nerdctl/pkg/strutil"
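Review bot: The host-PID branch in generateSharingPIDOpts — `opts = append(opts, oci.WithHostNamespace(specs.PIDNamespace))` followed by the rootless-only `opts = append(opts, containerutil.WithBindMountHostProcfs)` — is now repeated verbatim in generatePIDOpts in run_linux.go (the next hunk of this patch), so the two call sites can drift apart, e.g. one gaining the host namespace without the rootless rbind. Since the helper has moved into containerutil anyway, both sites could obtain that pair of options from one small function there rather than each re-deriving it from rootlessutil.IsRootless(). generateSharingPIDOpts starts and ends outside the hunk.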
@@ -280,7 +281,7 @@ func generatePIDOpts(ctx context.Context, client *containerd.Client, pid string)
 case "host":
 opts = append(opts, oci.WithHostNamespace(specs.PIDNamespace))
 if rootlessutil.IsRootless() {
- opts = append(opts, withBindMountHostProcfs)
+ opts = append(opts, containerutil.WithBindMountHostProcfs)
 }
 default: // container:
 parsed := strings.Split(pid, ":")
diff --git a/pkg/containerutil/containerutil.go b/pkg/containerutil/containerutil.go
index ec2ee1fb41a..215a0291b84 100644
--- a/pkg/containerutil/containerutil.go
+++ b/pkg/containerutil/containerutil.go
@@ -20,13 +20,17 @@ import (
 "context"
 "fmt"
 "io"
+ "path"
 "strconv"
 "strings"
 "time"
 "github.com/containerd/containerd"
+ "github.com/containerd/containerd/containers"
+ "github.com/containerd/containerd/oci"
 "github.com/containerd/containerd/runtime/restart"
 "github.com/containerd/nerdctl/pkg/portutil"
+ "github.com/opencontainers/runtime-spec/specs-go"
 )
 // PrintHostPort writes to `writer` the public (HostIP:HostPort) of a given `containerPort/protocol` in a container.
@@ -95,3 +99,33 @@ func UpdateExplicitlyStoppedLabel(ctx context.Context, container containerd.Cont
 })
 return container.Update(ctx, containerd.UpdateContainerOpts(opt))
 }
+
+// WithBindMountHostProcfs replaces procfs mount with rbind.
+// Required for --pid=host on rootless.
+//
+// https://github.com/moby/moby/pull/41893/files
+// https://github.com/containers/podman/blob/v3.0.0-rc1/pkg/specgen/generate/oci.go#L248-L257
+func WithBindMountHostProcfs(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+ for i, m := range s.Mounts {
+ if path.Clean(m.Destination) == "/proc" {
+ newM := specs.Mount{
+ Destination: "/proc",
+ Type: "bind",
+ Source: "/proc",
+ Options: []string{"rbind", "nosuid", "noexec", "nodev"},
+ }
+ s.Mounts[i] = newM
+ }
+ }
+
+ // Remove ReadonlyPaths for /proc/*
+ newROP := s.Linux.ReadonlyPaths[:0]
+ for _, x := range s.Linux.ReadonlyPaths {
+ x = path.Clean(x)
+ if !strings.HasPrefix(x, "/proc/") {
+ newROP = append(newROP, x)
+ }
+ }
+ s.Linux.ReadonlyPaths = newROP
+ return nil
+}
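Review bot: `s.Linux` is dereferenced without a check at `newROP := s.Linux.ReadonlyPaths[:0]`; now that the helper is exported from pkg/containerutil it can be applied as an oci.SpecOpts to any spec, and one without a Linux section panics here, so guard the second block with `if s.Linux == nil { return nil }` placed before that line (the mount rewrite above it is still useful on its own). The doc comment should also state what the body shows but the comment does not: besides swapping the /proc mount for an rbind of the host's /proc with nosuid,noexec,nodev, the function removes every ReadonlyPaths entry under /proc/, so the read-only protection the spec gave those paths is gone for a rootless host-PID container and only the mount options remain as hardening. It is worth adding that the retained entries are rewritten as their path.Clean form and that the filter reuses the original slice's backing array in place, since a caller passing a ReadonlyPaths slice it still references elsewhere will see it mutated.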