sysroot: Add an API to initialize with mountns

This lowers down into the C library some logic we
have in the binary/app logic, in prep for having more Rust-native
CLI code in https://github.com/ostreedev/ostree-rs-ext/pull/412

Basically we want to *ensure* a mount namespace by invoking
`unshare()` if necessary, instead of requiring our callers
to do this dance.

This also helps fix e.g.
Closes: https://github.com/ostreedev/ostree/issues/2769

1 files changed, 3 insertions, 17 deletions

diff --git a/src/ostree/ot-main.c b/src/ostree/ot-main.c
index 770962a4..da4735b6 100644
--- a/src/ostree/ot-main.c
+++ b/src/ostree/ot-main.c
@@ -586,23 +586,9 @@ ostree_admin_sysroot_load (OstreeSysroot            *sysroot,
 {
   if ((flags & OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED) == 0)
     {
-      /* If we're requested to lock the sysroot, first check if we're operating
-       * on a booted (not physical) sysroot.  Then find out if the /sysroot
-       * subdir is a read-only mount point, and if so, create a new mount
-       * namespace and tell the sysroot that we've done so. See the docs for
-       * ostree_sysroot_set_mount_namespace_in_use().
-       *
-       * This is a conservative approach; we could just always
-       * unshare() too.
-       */
-      if (ostree_sysroot_is_booted (sysroot))
-        {
-          gboolean setup_ns = FALSE;
-          if (!maybe_setup_mount_namespace (&setup_ns, error))
-            return FALSE;
-          if (setup_ns)
-            ostree_sysroot_set_mount_namespace_in_use (sysroot);
-        }
+      /* Set up the mount namespace, if applicable */
+      if (!ostree_sysroot_initialize_with_mount_namespace (sysroot, cancellable, error))
+        return FALSE;
 
       /* Released when sysroot is finalized, or on process exit */
       if (!ot_admin_sysroot_lock (sysroot, error))