refactor: make mountdevice a receiver function on Device

container/container_reexec.go

@@ -60,13 +60,14 @@ func (c *Container) Reexec() error {
 	}
 
 	if c.State.ConsoleSocket != nil && c.Spec.Process.Terminal {
-		if err := filesystem.MountDevice(filesystem.Device{
+		dev := filesystem.Device{
 			Source: pty.Slave.Name(),
 			Target: filepath.Join(c.Rootfs(), "dev/console"),
 			Fstype: "bind",
 			Flags:  syscall.MS_BIND,
 			Data:   "",
-		}); err != nil {
+		}
+		if err := dev.Mount(); err != nil {
 			return fmt.Errorf("mount dev/console device: %w", err)
 		}
 	}

filesystem/devices.go

@@ -1,6 +1,7 @@
 package filesystem
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -89,6 +90,36 @@ var defaultDevices = []specs.LinuxDevice{
 	},
 }
 
+func (d *Device) Mount() error {
+	if _, err := os.Stat(d.Target); os.IsNotExist(err) {
+		f, err := os.Create(d.Target)
+		if err != nil && !os.IsExist(err) {
+			return fmt.Errorf("create device target if not exists: %w", err)
+		}
+		if f != nil {
+			f.Close()
+		}
+	}
+
+	// added to satisfy 'docker run' issue
+	// TODO: figure out _why_
+	if d.Fstype == "cgroup" {
+		return nil
+	}
+
+	if err := syscall.Mount(
+		d.Source,
+		d.Target,
+		d.Fstype,
+		d.Flags,
+		d.Data,
+	); err != nil {
+		return fmt.Errorf("mounting device: %w", err)
+	}
+
+	return nil
+}
+
 func mountDefaultDevices(rootfs string) error {
 	return mountDevices(defaultDevices, rootfs)
 }

filesystem/filesystem.go

@@ -6,60 +6,32 @@ import (
 	"path/filepath"
 	"slices"
 	"strings"
-	"syscall"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
 )
 
-func MountDevice(device Device) error {
-	if _, err := os.Stat(device.Target); os.IsNotExist(err) {
-		f, err := os.Create(device.Target)
-		if err != nil && !os.IsExist(err) {
-			return fmt.Errorf("create device target if not exists: %w", err)
-		}
-		if f != nil {
-			f.Close()
-		}
-	}
-
-	// added to satisfy 'docker run' issue
-	// TODO: figure out _why_
-	if device.Fstype == "cgroup" {
-		return nil
-	}
-
-	if err := syscall.Mount(
-		device.Source,
-		device.Target,
-		device.Fstype,
-		device.Flags,
-		device.Data,
-	); err != nil {
-		return fmt.Errorf("mounting device: %w", err)
-	}
-
-	return nil
-}
-
 func mountRootfs(containerRootfs string) error {
-	if err := MountDevice(Device{
+	dev1 := Device{
 		Source: "",
 		Target: "/",
 		Fstype: "",
 		Flags:  unix.MS_PRIVATE | unix.MS_REC,
 		Data:   "",
-	}); err != nil {
+	}
+	if err := dev1.Mount(); err != nil {
 		return err
 	}
 
-	if err := MountDevice(Device{
+	dev2 := Device{
 		Source: containerRootfs,
 		Target: containerRootfs,
 		Fstype: "",
 		Flags:  unix.MS_BIND | unix.MS_REC,
 		Data:   "",
-	}); err != nil {
+	}
+
+	if err := dev2.Mount(); err != nil {
 		return err
 	}
 
@@ -72,13 +44,15 @@ func mountProc(containerRootfs string) error {
 		return fmt.Errorf("create proc dir: %w", err)
 	}
 
-	if err := MountDevice(Device{
+	dev := Device{
 		Source: "proc",
 		Target: containerProc,
 		Fstype: "proc",
 		Flags:  uintptr(0),
 		Data:   "",
-	}); err != nil {
+	}
+
+	if err := dev.Mount(); err != nil {
 		return err
 	}
 
@@ -92,8 +66,8 @@ func devIsInSpec(mounts []specs.Mount, dev string) bool {
 }
 
 func mountDevices(devices []specs.LinuxDevice, rootfs string) error {
-	for _, dev := range devices {
-		absPath := filepath.Join(rootfs, strings.TrimPrefix(dev.Path, "/"))
+	for _, d := range devices {
+		absPath := filepath.Join(rootfs, strings.TrimPrefix(d.Path, "/"))
 
 		if _, err := os.Stat(absPath); os.IsNotExist(err) {
 			f, err := os.Create(absPath)
@@ -105,13 +79,15 @@ func mountDevices(devices []specs.LinuxDevice, rootfs string) error {
 			}
 		}
 
-		if err := MountDevice(Device{
-			Source: dev.Path,
+		dev := Device{
+			Source: d.Path,
 			Target: absPath,
 			Fstype: "bind",
 			Flags:  unix.MS_BIND,
 			Data:   "",
-		}); err != nil {
+		}
+
+		if err := dev.Mount(); err != nil {
 			return fmt.Errorf("mount device: %w", err)
 		}
 	}
@@ -151,16 +127,16 @@ func mountSpecMounts(mounts []specs.Mount, rootfs string) error {
 			data = strings.Join(dataOptions, ",")
 		}
 
-		d := Device{
+		dev := Device{
 			Source: mount.Source,
 			Target: dest,
 			Fstype: mount.Type,
 			Flags:  uintptr(flags),
 			Data:   data,
 		}
 
-		if err := MountDevice(d); err != nil {
-			return fmt.Errorf("mount device (%+v): %w", d, err)
+		if err := dev.Mount(); err != nil {
+			return fmt.Errorf("mount device (%+v): %w", dev, err)
 		}
 	}
 

filesystem/masked_paths.go

@@ -13,28 +13,30 @@ func MountMaskedPaths(paths []string) error {
 			continue
 		}
 
+		var dev Device
+
 		if f.IsDir() {
-			if err := MountDevice(Device{
+			dev = Device{
 				Source: "tmpfs",
 				Target: path,
 				Fstype: "tmpfs",
 				Flags:  unix.MS_RDONLY,
 				Data:   "",
-			}); err != nil {
-				return err
 			}
 		} else {
-			if err := MountDevice(Device{
+			dev = Device{
 				Source: "/dev/null",
 				Target: path,
 				Fstype: "bind",
 				Flags:  unix.MS_BIND,
 				Data:   "",
-			}); err != nil {
-				return err
 			}
 		}
 
+		if err := dev.Mount(); err != nil {
+			return err
+		}
+
 	}
 
 	return nil

filesystem/readonly_paths.go

@@ -6,24 +6,26 @@ import (
 
 func MountReadonlyPaths(paths []string) error {
 	for _, path := range paths {
-		if err := MountDevice(Device{
+		initDev := Device{
 			Source: path,
 			Target: path,
 			Fstype: "",
 			Flags:  unix.MS_REC | unix.MS_BIND,
 			Data:   "",
-		}); err != nil {
+		}
+		if err := initDev.Mount(); err != nil {
 			return err
 		}
 
-		if err := MountDevice(Device{
+		remountDev := Device{
 			Source: path,
 			Target: path,
 			Fstype: "",
 			Flags: unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC |
 				unix.MS_BIND | unix.MS_REMOUNT | unix.MS_RDONLY,
 			Data: "",
-		}); err != nil {
+		}
+		if err := remountDev.Mount(); err != nil {
 			return err
 		}
 	}