Fix host /dev/pts unmount during overlayfs cleanup

[Copilot]

Unmounting overlayfs with bind mounts to /dev/pts was unmounting the host's /dev/pts, breaking system-wide PTY allocation (sudo: unable to allocate pty, forkpty() failed).

Root Cause

do_unmount() used umount2(MNT_DETACH) unconditionally. For recursive bind mounts (MS_REC), lazy unmount can affect the source mount. No path validation prevented unmounting host directories.

Changes

Safe unmount strategy:

• Use umount() without flags as primary method
• Fall back to MNT_DETACH only for EBUSY with warning
• Explicit error handling via match on errno values

Path validation:

• Custom ValidateResult enum: Valid(PathBuf), AlreadyUnmounted, ValidationFailed(Error)
• Canonicalize paths before validation to prevent ../ traversal attacks
• Abort unmount if mountpoint canonicalization fails (cannot validate safely)
• Skip unmount if target canonicalization fails (except NotFound = already unmounted)

// Before: affects host mounts
unsafe { libc::umount2(target, libc::MNT_DETACH) }

// After: safe unmount with fallback
let ret = unsafe { libc::umount(target) };
if ret != 0 {
    match Error::last_os_error().raw_os_error() {
        Some(libc::ENOENT) | Some(libc::EINVAL) => Ok(()), // Already unmounted
        Some(libc::EBUSY) => { /* Try MNT_DETACH with warning */ }
        _ => Err(err) // Fail loudly
    }
}

Security:

• Prevents path traversal: /mnt/overlay/../dev/pts → resolved to /dev/pts → rejected
• Fail-safe: when validation fails, skip unmount rather than risk host directory

Files Changed

• project/libfuse-fs/src/util/bind_mount.rs: Rewritten unmount logic, added ValidateResult enum and validation helper

Original prompt

请使用docker导出乌班图整个文件系统 然后用这个BINARY="/root/rk8s/project/target/debug/examples/overlayfs_example"

sudo "$BINARY" --mountpoint /root/merged --upperdir /root/upper --lowerdir /root/ubuntu-rootfs --bind "proc:/proc" --bind "sys:/sys" --bind "dev:/dev" --bind "dev/pts:/dev/pts" --bind "etc/resolv.conf:/etc/resolv.conf" --privileged把它挂载了 然后接下来再开一个窗口 chroot ~/merged/ /bin/bash在里面进行apt update等操作都正常 但是ctrl+c退出overlayfs之后 再次运行（或者别的复杂操作）我宿主机就sudo: unable to allocate pty: No such device 或者forktty失败 只有运行mount -t devpts devpts /dev/pts才能解决 请你上来先完整复现!!!步骤是1.docker拿乌班图文件系统镜像 2.编译挂载 3.进入测试 4.停止 再重启挂载 再测试 出问题 再思考原因 再修改

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.