procfs: make is_subset check cheaper

Allocating file descriptors for the is_subset check is completely unnecessary. We can just do a basic faccessat(2) check -- the paths we care about are very basic and we only care if they exist at all and not their contents or what they point to. In addition, because we check /proc/1 and /proc/stat, using faccessat(2) will avoid us thinking that /proc is a subset if something has overmounted /proc/stat (technically is a subset but that's just a game of whack-a-mole we can't win). Signed-off-by: Aleksa Sarai <[email protected]>
openSUSE · Oct 14, 2024 · c8e6aa7 · c8e6aa7
1 parent a856dbb
commit c8e6aa7
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/src/procfs.rs b/src/procfs.rs
@@ -36,6 +36,8 @@ use std::{
  path::{Path, PathBuf},
 };
 
+use rustix::fs::{self as rustix_fs, Access, AtFlags};
+
 // MSRV(1.70): Use OnceLock.
 // MSRV(1.80): Use LazyLock.
 lazy_static! {
@@ -536,9 +538,8 @@ impl ProcfsHandle {
  // then hidepid is probably not relevant.
  let is_subset = [/* subset=pid */ "stat", /* hidepid=n */ "1"]
  .iter()
- .any(|subpath| {
- resolver
- .resolve(&inner, subpath, OpenFlags::O_PATH, ResolverFlags::empty())
+ .any(|&subpath| {
+ rustix_fs::accessat(&inner, subpath, Access::EXISTS, AtFlags::SYMLINK_NOFOLLOW)
  .is_err()
  });