Explicitly prevent mounting over an existing mount

It's valid to mount multiple file systems to the same directory, but
doing so requires the first one to be mounted read-write, which is why
this wasn't a problem for us until #327. It seems libfuse2's version of
fusermount explicitly checked this(?), but libfuse3 no longer rejects
it.

In principle this might be something we'd want to allow, but I think the
less surprising/error-prone customer experience is to refuse to do it,
so let's explicitly forbid it.

Signed-off-by: James Bornholt <[email protected]>

mountpoint-s3/Cargo.toml

@@ -31,6 +31,7 @@ time = { version = "0.3.17", features = ["macros", "formatting"] }
 const_format = "0.2.30"
 home = "0.5.4"
 serde_json = "1.0.95"
+procfs = { version = "0.15.1", default-features = false }
 
 [dev-dependencies]
 assert_cmd = "2.0.6"

mountpoint-s3/src/main.rs

@@ -251,14 +251,6 @@ impl CliArgs {
 fn main() -> anyhow::Result<()> {
     let args = CliArgs::parse();
 
-    // validate mount point
-    if !args.mount_point.exists() || !args.mount_point.is_dir() {
-        return Err(anyhow!(
-            "Mount point {} does not exist or it is not a directory",
-            args.mount_point.display()
-        ));
-    }
-
     if args.foreground {
         init_tracing_subscriber(args.foreground, args.log_directory.as_deref())
             .context("failed to initialize logging")?;
@@ -370,6 +362,8 @@ fn main() -> anyhow::Result<()> {
 fn mount(args: CliArgs) -> anyhow::Result<FuseSession> {
     const DEFAULT_TARGET_THROUGHPUT: f64 = 10.0;
 
+    validate_mount_point(&args.mount_point)?;
+
     let addressing_style = args.addressing_style();
     let endpoint = args
         .endpoint_url
@@ -571,6 +565,39 @@ fn get_maximum_network_throughput(ec2_instance_type: &str) -> anyhow::Result<f64
         .ok_or_else(|| anyhow!("no throughput configuration for EC2 instance type {ec2_instance_type}"))
 }
 
+fn validate_mount_point(path: impl AsRef<Path>) -> anyhow::Result<()> {
+    let mount_point = path.as_ref();
+
+    if !mount_point.exists() {
+        return Err(anyhow!("mount point {} does not exist", mount_point.display()));
+    }
+
+    if !mount_point.is_dir() {
+        return Err(anyhow!("mount point {} is not a directory", mount_point.display()));
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+        use procfs::process::Process;
+
+        // This is a best-effort validation, so don't fail if we can't read /proc/self/mountinfo for
+        // some reason.
+        let mounts = match Process::myself().and_then(|me| me.mountinfo()) {
+            Ok(mounts) => mounts,
+            Err(e) => {
+                tracing::debug!("failed to read mountinfo, not checking for existing mounts: {e:?}");
+                return Ok(());
+            }
+        };
+
+        if mounts.iter().any(|mount| mount.mount_point == path.as_ref()) {
+            return Err(anyhow!("mount point {} is already mounted", path.as_ref().display()));
+        }
+    }
+
+    Ok(())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

mountpoint-s3/tests/cli.rs

@@ -12,7 +12,7 @@ fn mount_point_doesnt_exist() -> Result<(), Box<dyn std::error::Error>> {
     let mut cmd = Command::cargo_bin("mount-s3")?;
 
     cmd.arg("test-bucket").arg("test/dir");
-    let error_message = "Mount point test/dir does not exist or it is not a directory";
+    let error_message = "mount point test/dir does not exist";
     cmd.assert().failure().stderr(predicate::str::contains(error_message));
 
     Ok(())
@@ -25,7 +25,7 @@ fn mount_point_isnt_dir() -> Result<(), Box<dyn std::error::Error>> {
 
     cmd.arg("test-bucket").arg(file.path());
     let error_message = format!(
-        "Mount point {} does not exist or it is not a directory",
+        "mount point {} does not exist",
         file.path().display()
     );
     cmd.assert().failure().stderr(predicate::str::contains(error_message));