const expectedNumFieldsPerLine … const procMountsPath … const procMountInfoPath … const fsckErrorsCorrected … const fsckErrorsUncorrected … const errNoChildProcesses … const errNotMounted … var errStatxNotSupport … type Mounter … var _ … // New returns a mount.Interface for the current system. // It provides options to override the default mounter behavior. // mounterPath allows using an alternative to `/bin/mount` for mounting. func New(mounterPath string) Interface { … } // NewWithoutSystemd returns a Linux specific mount.Interface for the current // system. It provides options to override the default mounter behavior. // mounterPath allows using an alternative to `/bin/mount` for mounting. Any // detection for systemd functionality is disabled with this Mounter. func NewWithoutSystemd(mounterPath string) Interface { … } // hasSystemd validates that the withSystemd bool is set, if it is not, // detectSystemd will be called once for this Mounter instance. func (mounter *Mounter) hasSystemd() bool { … } // Map unix.Statfs mount flags ro, nodev, noexec, nosuid, noatime, relatime, // nodiratime to mount option flag strings. func getUserNSBindMountOptions(path string, statfs func(path string, buf *unix.Statfs_t) (err error)) ([]string, error) { … } // Do a bind mount including the needed remount for applying the bind opts. // If the remount fails and we are running in a user namespace // figure out if the source filesystem has the ro, nodev, noexec, nosuid, // noatime, relatime or nodiratime flag set and try another remount with the found flags. func (mounter *Mounter) bindMountSensitive(mounterPath string, mountCmd string, source string, target string, fstype string, bindOpts []string, bindRemountOpts []string, bindRemountOptsSensitive []string, mountFlags []string, systemdMountRequired bool) error { … } // Mount mounts source to target as fstype with given options. 'source' and 'fstype' must // be an empty string in case it's not required, e.g. for remount, or for auto filesystem // type, where kernel handles fstype for you. The mount 'options' is a list of options, // currently come from mount(8), e.g. "ro", "remount", "bind", etc. If no more option is // required, call Mount with an empty string list or nil. func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error { … } // MountSensitive is the same as Mount() but this method allows // sensitiveOptions to be passed in a separate parameter from the normal // mount options and ensures the sensitiveOptions are never logged. This // method should be used by callers that pass sensitive material (like // passwords) as mount options. func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error { … } // MountSensitiveWithoutSystemd is the same as MountSensitive() but disable using systemd mount. func (mounter *Mounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error { … } // MountSensitiveWithoutSystemdWithMountFlags is the same as MountSensitiveWithoutSystemd with additional mount flags. func (mounter *Mounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error { … } // doMount runs the mount command. mounterPath is the path to mounter binary if containerized mounter is used. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) // systemdMountRequired is an extension of option to decide whether uses systemd mount. func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string, systemdMountRequired bool) error { … } // detectSystemd returns true if OS runs with systemd as init. When not sure // (permission errors, ...), it returns false. // There may be different ways how to detect systemd, this one makes sure that // systemd-runs (needed by Mount()) works. func detectSystemd() bool { … } // detectSafeNotMountedBehavior returns true if the umount implementation replies "not mounted" // when the specified path is not mounted. When not sure (permission errors, ...), it returns false. // When possible, we will trust umount's message and avoid doing our own mount point checks. // More info: https://github.com/util-linux/util-linux/blob/v2.2/mount/umount.c#L179 func detectSafeNotMountedBehavior() bool { … } // detectSafeNotMountedBehaviorWithExec is for testing with FakeExec. func detectSafeNotMountedBehaviorWithExec(exec utilexec.Interface) bool { … } // MakeMountArgs makes the arguments to the mount(8) command. // options MUST not contain sensitive material (like passwords). func MakeMountArgs(source, target, fstype string, options []string) (mountArgs []string) { … } // MakeMountArgsSensitive makes the arguments to the mount(8) command. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) func MakeMountArgsSensitive(source, target, fstype string, options []string, sensitiveOptions []string) (mountArgs []string, mountArgsLogStr string) { … } // MakeMountArgsSensitiveWithMountFlags makes the arguments to the mount(8) command. // sensitiveOptions is an extension of options except they will not be logged (because they may contain sensitive material) // mountFlags are additional mount flags that are not related with the fstype // and mount options func MakeMountArgsSensitiveWithMountFlags(source, target, fstype string, options []string, sensitiveOptions []string, mountFlags []string) (mountArgs []string, mountArgsLogStr string) { … } // AddSystemdScope adds "system-run --scope" to given command line // If args contains sensitive material, use AddSystemdScopeSensitive to construct // a safe to log string. func AddSystemdScope(systemdRunPath, mountName, command string, args []string) (string, []string) { … } // AddSystemdScopeSensitive adds "system-run --scope" to given command line // It also accepts takes a sanitized string containing mount arguments, mountArgsLogStr, // and returns the string appended to the systemd command for logging. func AddSystemdScopeSensitive(systemdRunPath, mountName, command string, args []string, mountArgsLogStr string) (string, []string, string) { … } // Unmount unmounts the target. // If the mounter has safe "not mounted" behavior, no error will be returned when the target is not a mount point. func (mounter *Mounter) Unmount(target string) error { … } // UnmountWithForce unmounts given target but will retry unmounting with force option // after given timeout. func (mounter *Mounter) UnmountWithForce(target string, umountTimeout time.Duration) error { … } // List returns a list of all mounted filesystems. func (*Mounter) List() ([]MountPoint, error) { … } func statx(file string) (unix.Statx_t, error) { … } func (mounter *Mounter) isLikelyNotMountPointStat(file string) (bool, error) { … } func (mounter *Mounter) isLikelyNotMountPointStatx(file string) (bool, error) { … } // IsLikelyNotMountPoint determines if a directory is not a mountpoint. // It is fast but not necessarily ALWAYS correct. If the path is in fact // a bind mount from one part of a mount to another it will not be detected. // It also can not distinguish between mountpoints and symbolic links. // mkdir /tmp/a /tmp/b; mount --bind /tmp/a /tmp/b; IsLikelyNotMountPoint("/tmp/b") // will return true. When in fact /tmp/b is a mount point. If this situation // is of interest to you, don't use this function... func (mounter *Mounter) IsLikelyNotMountPoint(file string) (bool, error) { … } // CanSafelySkipMountPointCheck relies on the detected behavior of umount when given a target that is not a mount point. func (mounter *Mounter) CanSafelySkipMountPointCheck() bool { … } // GetMountRefs finds all mount references to pathname, returns a // list of paths. Path could be a mountpoint or a normal // directory (for bind mount). func (mounter *Mounter) GetMountRefs(pathname string) ([]string, error) { … } // checkAndRepairFileSystem checks and repairs filesystems using command fsck. func (mounter *SafeFormatAndMount) checkAndRepairFilesystem(source string) error { … } // formatAndMount uses unix utils to format and mount the given disk func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string, formatOptions []string) error { … } func (mounter *SafeFormatAndMount) format(fstype string, args []string) ([]byte, error) { … } func getDiskFormat(exec utilexec.Interface, disk string) (string, error) { … } // GetDiskFormat uses 'blkid' to see if the given disk is unformatted func (mounter *SafeFormatAndMount) GetDiskFormat(disk string) (string, error) { … } // ListProcMounts is shared with NsEnterMounter func ListProcMounts(mountFilePath string) ([]MountPoint, error) { … } func parseProcMounts(content []byte) ([]MountPoint, error) { … } // SearchMountPoints finds all mount references to the source, returns a list of // mountpoints. // The source can be a mount point or a normal directory (bind mount). We // didn't support device because there is no use case by now. // Some filesystems may share a source name, e.g. tmpfs. And for bind mounting, // it's possible to mount a non-root path of a filesystem, so we need to use // root path and major:minor to represent mount source uniquely. // This implementation is shared between Linux and NsEnterMounter func SearchMountPoints(hostSource, mountInfoPath string) ([]string, error) { … } // IsMountPoint determines if a file is a mountpoint. // It first detects bind & any other mountpoints using // MountedFast function. If the MountedFast function returns // sure as true and err as nil, then a mountpoint is detected // successfully. When an error is returned by MountedFast, the // following is true: // 1. All errors are returned with IsMountPoint as false // except os.IsPermission. // 2. When os.IsPermission is returned by MountedFast, List() // is called to confirm if the given file is a mountpoint are not. // // os.ErrNotExist should always be returned if a file does not exist // as callers have in past relied on this error and not fallback. // // When MountedFast returns sure as false and err as nil (eg: in // case of bindmounts on kernel version 5.10- ); mounter.List() // endpoint is called to enumerate all the mountpoints and check if // it is mountpoint match or not. func (mounter *Mounter) IsMountPoint(file string) (bool, error) { … } // tryUnmount calls plain "umount" and waits for unmountTimeout for it to finish. func tryUnmount(target string, withSafeNotMountedBehavior bool, unmountTimeout time.Duration) error { … } func forceUmount(target string, withSafeNotMountedBehavior bool) error { … } // checkUmountError checks a result of umount command and determine a return value. func checkUmountError(target string, command *exec.Cmd, output []byte, err error, withSafeNotMountedBehavior bool) error { … }