container: enforce nonrepeatable autoetc and autoroot

These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable.

Signed-off-by: Ophestra <cat@gensokyo.uk>

container/autoetc.go

@@ -4,6 +4,7 @@ import (
 	"encoding/gob"
 	"fmt"
 	"os"
+	"syscall"
 )
 
 func init() { gob.Register(new(AutoEtcOp)) }
@@ -21,7 +22,12 @@ func (f *Ops) Etc(host *Absolute, prefix string) *Ops {
 type AutoEtcOp struct{ Prefix string }
 
 func (e *AutoEtcOp) early(*setupState) error { return nil }
-func (e *AutoEtcOp) apply(*setupState) error {
+func (e *AutoEtcOp) apply(state *setupState) error {
+	if state.nonrepeatable&nrAutoEtc != 0 {
+		return msg.WrapErr(syscall.EINVAL, "autoetc is not repeatable")
+	}
+	state.nonrepeatable |= nrAutoEtc
+
 	const target = sysrootPath + FHSEtc
 	rel := e.hostRel() + "/"
 

container/autoroot.go

@@ -56,6 +56,11 @@ func (r *AutoRootOp) early(state *setupState) error {
 }
 
 func (r *AutoRootOp) apply(state *setupState) error {
+	if state.nonrepeatable&nrAutoRoot != 0 {
+		return msg.WrapErr(syscall.EINVAL, "autoroot is not repeatable")
+	}
+	state.nonrepeatable |= nrAutoRoot
+
 	for _, op := range r.resolved {
 		msg.Verbosef("%s %s", op.prefix(), op)
 		if err := op.apply(state); err != nil {

container/ops.go

@@ -24,6 +24,11 @@ const (
 	intermediatePatternTmpfile = "tmp.*"
 )
 
+const (
+	nrAutoEtc = 1 << iota
+	nrAutoRoot
+)
+
 type (
 	Ops []Op
 
@@ -41,6 +46,7 @@ type (
 	}
 
 	setupState struct {
+		nonrepeatable uintptr
 		*Params
 	}
 )