From 64370c41c6006b7e0ba7ec84cc633c2c8268ae25 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 19 Nov 2024 14:54:00 -0500 Subject: [PATCH] install: Move re-exec earlier As the comment says everything we do before `prepare_install` is something we might do *twice* so let's keep it as early as possible. Looking at the history of this code (and its logical inputs) I believe there's no reason for its placement in the middle of this function other than just "stuff appeared before it organically". Yes, it means some argument validation will happen after the re-exec but that's fine. Signed-off-by: Colin Walters --- lib/src/install.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/src/install.rs b/lib/src/install.rs index 83dd7752..01c5518a 100644 --- a/lib/src/install.rs +++ b/lib/src/install.rs @@ -1636,6 +1636,13 @@ pub(crate) async fn install_to_filesystem( opts: InstallToFilesystemOpts, targeting_host_root: bool, ) -> Result<()> { + // Gather global state, destructuring the provided options. + // IMPORTANT: We might re-execute the current process in this function (for SELinux among other things) + // IMPORTANT: and hence anything that is done before MUST BE IDEMPOTENT. + // IMPORTANT: In practice, we should only be gathering information before this point, + // IMPORTANT: and not performing any mutations at all. + let state = prepare_install(opts.config_opts, opts.source_opts, opts.target_opts).await?; + // And the last bit of state here is the fsopts, which we also destructure now. let mut fsopts = opts.filesystem_opts; // Check that the target is a directory 
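Review bot: With the `// IMPORTANT:` block now directly under the signature of `install_to_filesystem`, its wording ("anything that is done before", "before this point") no longer refers to any code in this function, so it does not tell a future editor that the rule is now "put nothing above this call". I would replace the last two comment lines with something like `// IMPORTANT: Keep this call first; anything added above it runs twice across the re-exec and must not mutate state.` The target directory check in this hunk and the `acknowledge_destructive` / `warn_on_host_root` gate in the next one now run after `prepare_install`. The commit message accepts late argument validation, but whether `prepare_install` changes anything beyond the re-exec is not visible here, so a one-line comment stating that it does not touch the target before those checks would make the ordering reviewable. The function body continues outside the hunk.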
@@ -1674,13 +1681,6 @@ pub(crate) async fn install_to_filesystem(
 rootfs_fd
 };
 
- // Gather global state, destructuring the provided options.
- // IMPORTANT: We might re-execute the current process in this function (for SELinux among other things)
- // IMPORTANT: and hence anything that is done before MUST BE IDEMPOTENT.
- // IMPORTANT: In practice, we should only be gathering information before this point,
- // IMPORTANT: and not performing any mutations at all.
- let state = prepare_install(opts.config_opts, opts.source_opts, opts.target_opts).await?;
-
 // Check to see if this happens to be the real host root
 if !fsopts.acknowledge_destructive {
 warn_on_host_root(&rootfs_fd)?;