From 8758b0faa27420e915e7e9ba815258207e02a82a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 20 Apr 2021 08:09:57 -0400
Subject: [PATCH] bwrap: Fix selftest to be truly immutable

We should never have any effect on the host system, so let's
use the more direct APIs which allow us to use the immutable
flag, don't mount `/var` etc.

Crucially this also avoids us running through the tempetc
guard which would try to rename `usr/etc` which can trigger
on an ostree based host.

Closes: https://github.com/coreos/rpm-ostree/issues/2771
---
 rust/src/bwrap.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs
index 939f0525..282b4f1b 100644
--- a/rust/src/bwrap.rs
+++ b/rust/src/bwrap.rs
@@ -475,7 +475,11 @@ pub(crate) fn bubblewrap_run_sync(
 /// Validate that bubblewrap works at all.  This will flush out any incorrect
 /// setups such being inside an outer container that disallows `CLONE_NEWUSER` etc.
 pub(crate) fn bubblewrap_selftest() -> CxxResult<()> {
-    let fd = openat::Dir::open("/")?;
-    let _ = bubblewrap_run_sync(fd.as_raw_fd(), &vec!["true".to_string()], false, true)?;
+    let fd = &openat::Dir::open("/")?;
+    let mut bwrap = Bubblewrap::new_with_mutability(fd, BubblewrapMutability::Immutable)?;
+    bwrap.append_child_argv(&["true"]);
+    let cancellable = &gio::Cancellable::new();
+    let cancellable = Some(cancellable);
+    bwrap.run_inner(cancellable)?;
     Ok(())
 }
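Review bot: The doc comment on `bubblewrap_selftest` still says only what the check detects; it does not record the property this change establishes, that the self-test runs against the host `/` and must leave it untouched. Per the commit message, going back through `bubblewrap_run_sync` would bring back the tempetc `usr/etc` rename on ostree hosts, so I would add a line such as `/// Runs against the host root with BubblewrapMutability::Immutable; must never write to the host (no /var mount, no usr/etc rename).` The existing sentence also reads "setups such being" where "setups such as being" is meant. As a style point, the two shadowed `cancellable` bindings could become one owned value, `let cancellable = gio::Cancellable::new();` followed by `bwrap.run_inner(Some(&cancellable))?;`.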
-- 
2.30.2