A few niceties

1. If not privileged, don't try to do the mount, as the final
   bind or overlay mount will fail.
2. If something goes wrong, clean up the destdir/meta.

Author: hallyn

README.md

@@ -13,17 +13,10 @@ atomfs umount mnt
 Longer example:
 ```
 serge@jerom ~$ lxc-usernsexec -s
-# unshare -m -- /bin/bash
-root@jerom ~$ cd delme/stacker-squash/
-root@jerom ~/delme/stacker-squash$ ~/src/atomfs/atomfs mount oci:smtest-squashfs dest
-/home/serge/delme/stacker-squash/dest/meta/mounts/5a27f94ae0691bd617c65cc99544994439acbda359c6375e103f4c099d7ab54c is not yet mounted...
-/home/serge/delme/stacker-squash/dest/meta/mounts/369694e2bd95a30c8c742dbde3b21ad91a84ed829b36b41a76985025157dfd52 is not yet mounted...
-root@jerom ~/delme/stacker-squash$ ls dest
-bin  dev  etc  home  hw  proc  root  sys  tmp  usr  var  xxx
-root@jerom ~/delme/stacker-squash$ touch dest/yyy
-root@jerom ~/delme/stacker-squash$ ~/src/atomfs/atomfs umount dest
-root@jerom ~/delme/stacker-squash$ ls dest/meta/upper/
-xxx  yyy
+root@jerom ~$ atomfs mount zothub:busybox-squashfs dest
+root@jerom ~$ ls dest
+bin  dev  etc  home  lib  lib64  root  tmp  usr  var
+root@jerom ~$ atomfs umount dest
 ```
 
 # Implementation details
@@ -34,3 +27,12 @@ onto $metadir/ro.  Then if a readonly mount is requested
 $metadir/ro is bind mounted onto $metadir.  Otherwise, we create
 $metadir/work and $metadir/upper, and use these to do a rw
 overlay mount of $metadir/ro onto $mountpoint.
+
+Note that if you simply call `umount` on the mountpoint, then
+you will be left with all the individual squashfs mounts under
+`dest/mounts/*/`.
+
+Note that you do need to be root in your namespace in order to
+do the final bind or overlay mount.  (We could get around this
+by using fuse-overlay, but creating a namespace seems overall
+tidy).

mount.go

@@ -2,13 +2,16 @@ package main
 
 import (
 	"fmt"
+	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 	"syscall"
 
 	"github.com/urfave/cli"
 	"golang.org/x/sys/unix"
 	satomfs "stackerbuild.io/stacker/pkg/atomfs"
+	"stackerbuild.io/stacker/pkg/squashfs"
 )
 
 var mountCmd = cli.Command{
@@ -42,20 +45,39 @@ func findImage(ctx *cli.Context) (string, string, error) {
 }
 
 func doMount(ctx *cli.Context) error {
-	if ctx.NArg() != 2 {
-		return fmt.Errorf("source and destination required")
+	if !amPrivileged() {
+		fmt.Println("Please run as root, or in a user namespace")
+		fmt.Println(" You could try:")
+		fmt.Println("\tlxc-usernsexec -s -- /bin/bash")
+		fmt.Println(" or")
+		fmt.Println("\tunshare -Umr -- /bin/bash")
+		fmt.Println("then run from that shell")
+		os.Exit(1)
 	}
-
 	ocidir, tag, err := findImage(ctx)
 	if err != nil {
 		return err
 	}
 
 	target := ctx.Args()[1]
 	metadir := filepath.Join(target, "meta")
+
+	complete := false
+
+	defer func() {
+		if !complete {
+			cleanupDest(metadir)
+		}
+	}()
+
+	if PathExists(metadir) {
+		return fmt.Errorf("%q exists: cowardly refusing to mess with it", metadir)
+	}
+
 	if err := EnsureDir(metadir); err != nil {
 		return err
 	}
+
 	rodest := filepath.Join(metadir, "ro")
 	if err = EnsureDir(rodest); err != nil {
 		return err
@@ -84,13 +106,71 @@ func doMount(ctx *cli.Context) error {
 		err = overlay(target, rodest, metadir)
 	}
 
+	complete = true
+	return nil
+}
+
+func cleanupDest(metadir string) {
+	fmt.Printf("Failure detected: cleaning up %q", metadir)
+	rodest := filepath.Join(metadir, "ro")
+	if PathExists(rodest) {
+		if err := unix.Unmount(rodest, 0); err != nil {
+			fmt.Printf("Failed unmounting %q: %v", rodest, err)
+		}
+	}
+
+	mountsdir := filepath.Join(metadir, "mounts")
+	entries, err := os.ReadDir(mountsdir)
 	if err != nil {
-		satomfs.Umount(rodest)
-		return err
+		fmt.Printf("Failed reading contents of %q: %v", mountsdir, err)
+		os.RemoveAll(metadir)
+		return
+	}
+
+	wd, err := os.Getwd()
+	if err != nil {
+		fmt.Printf("Failed getting working directory")
+		os.RemoveAll(metadir)
+	}
+	for _, e := range entries {
+		n := filepath.Base(e.Name())
+		if n == "workaround" {
+			continue
+		}
+		if strings.HasSuffix(n, ".log") {
+			continue
+		}
+		p := filepath.Join(wd, mountsdir, e.Name())
+		if err := squashUmount(p); err != nil {
+			fmt.Printf("Failed unmounting %q: %v\n", p, err)
+		}
+	}
+	os.RemoveAll(metadir)
+}
+
+func RunCommand(args ...string) error {
+	cmd := exec.Command(args[0], args[1:]...)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("%s: %s: %s", strings.Join(args, " "), err, string(output))
 	}
 	return nil
 }
 
+func amPrivileged() bool {
+	if os.Geteuid() == 0 {
+		return true
+	}
+	return false
+}
+
+func squashUmount(p string) error {
+	if amPrivileged() {
+		return squashfs.Umount(p)
+	}
+	return RunCommand("fusermount", "-u", p)
+}
+
 func overlay(target, rodest, metadir string) error {
 	workdir := filepath.Join(metadir, "work")
 	if err := EnsureDir(workdir); err != nil {

umount.go

@@ -85,5 +85,9 @@ func doUmount(ctx *cli.Context) error {
 		return fmt.Errorf("Encountered errors %d: %v", len(errs), errs)
 	}
 
+	if err := os.RemoveAll(metadir); err != nil {
+		return fmt.Errorf("Failed removing %q: %v", metadir, err)
+	}
+
 	return nil
 }