From: NymanRobin <robin.nyman@est.tech>
Date: Thu, 2 May 2024 08:20:01 +0000 (+0300)
Subject: Compare mount by value instead of reference
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=068b9f8f5dec46b222470f6d3f03244ba5b65f5c;p=fscrypt.git

Compare mount by value instead of reference

This has to be since the mounts are reloaded
each time a mount is added. In case of two
mounts mounting at the same time there will
be a race condition for applying policy.

Signed-off-by: NymanRobin <robin.nyman@est.tech>
---

diff --git a/actions/policy.go b/actions/policy.go
index c621725..d745f8b 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -24,6 +24,7 @@ import (
 	"log"
 	"os"
 	"os/user"
+	"reflect"
 
 	"github.com/pkg/errors"
 	"google.golang.org/protobuf/proto"
@@ -452,7 +453,7 @@ func (policy *Policy) AddProtector(protector *Protector) error {
 
 	// If the protector is on a different filesystem, we need to add a link
 	// to it on the policy's filesystem.
-	if policy.Context.Mount != protector.Context.Mount {
+	if !reflect.DeepEqual(policy.Context.Mount, protector.Context.Mount) {
 		log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount)
 		ownerIfCreating, err := getOwnerOfMetadataForProtector(protector)
 		if err != nil {
@@ -525,7 +526,7 @@ func (policy *Policy) RemoveProtector(protectorDescriptor string) error {
 func (policy *Policy) Apply(path string) error {
 	if pathMount, err := filesystem.FindMount(path); err != nil {
 		return err
-	} else if pathMount != policy.Context.Mount {
+	} else if !reflect.DeepEqual(pathMount, policy.Context.Mount) {
 		return &ErrDifferentFilesystem{policy.Context.Mount, pathMount}
 	}
 
diff --git a/filesystem/mountpoint_test.go b/filesystem/mountpoint_test.go
index f06219c..fd7e05d 100644
--- a/filesystem/mountpoint_test.go
+++ b/filesystem/mountpoint_test.go
@@ -27,6 +27,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"reflect"
 	"strings"
 	"testing"
 )
@@ -544,3 +545,21 @@ func BenchmarkLoadFirst(b *testing.B) {
 		}
 	}
 }
+
+// Test mount comparison by values instead of by reference,
+// as the map mountsByDevice gets recreated on each load.
+// This ensures that concurrent mounts work properly.
+func TestMountComparison(t *testing.T) {
+	var mountinfo = `
+15 0 259:3 / /home rw,relatime shared:1 - ext4 /dev/root rw,data=ordered
+`
+	beginLoadMountInfoTest()
+	defer endLoadMountInfoTest()
+	loadMountInfoFromString(mountinfo)
+	firstMnt := mountForDevice("259:3")
+	loadMountInfoFromString(mountinfo)
+	secondMnt := mountForDevice("259:3")
+	if !reflect.DeepEqual(firstMnt, secondMnt) {
+		t.Errorf("Mount comparison does not work")
+	}
+}