From 9c1a5d43bad802aa0ad717ea603c51f7b0408cdd Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Sun, 17 Aug 2025 01:43:11 +0900
Subject: [PATCH] container: enforce nonrepeatable autoetc and autoroot

These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable.
Signed-off-by: Ophestra
---
 container/autoetc.go | 8 +++++++-
 container/autoroot.go | 5 +++++
 container/ops.go | 6 ++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/container/autoetc.go b/container/autoetc.go
index f494d75c..23b1a86c 100644
--- a/container/autoetc.go
+++ b/container/autoetc.go
@@ -4,6 +4,7 @@ import (
 "encoding/gob"
 "fmt"
 "os"
+ "syscall"
 )
 func init() { gob.Register(new(AutoEtcOp)) }
@@ -21,7 +22,12 @@ func (f *Ops) Etc(host *Absolute, prefix string) *Ops {
 type AutoEtcOp struct{ Prefix string }
 func (e *AutoEtcOp) early(*setupState) error { return nil }
-func (e *AutoEtcOp) apply(*setupState) error {
+func (e *AutoEtcOp) apply(state *setupState) error {
+ if state.nonrepeatable&nrAutoEtc != 0 {
+ return msg.WrapErr(syscall.EINVAL, "autoetc is not repeatable")
+ }
+ state.nonrepeatable |= nrAutoEtc
+
 const target = sysrootPath + FHSEtc
 rel := e.hostRel() + "/"
diff --git a/container/autoroot.go b/container/autoroot.go
index b155145c..215a7bb3 100644
--- a/container/autoroot.go
+++ b/container/autoroot.go
@@ -56,6 +56,11 @@ func (r *AutoRootOp) early(state *setupState) error {
 }
 func (r *AutoRootOp) apply(state *setupState) error {
+ if state.nonrepeatable&nrAutoRoot != 0 {
+ return msg.WrapErr(syscall.EINVAL, "autoroot is not repeatable")
+ }
+ state.nonrepeatable |= nrAutoRoot
+
 for _, op := range r.resolved {
 msg.Verbosef("%s %s", op.prefix(), op)
 if err := op.apply(state); err != nil {
diff --git a/container/ops.go b/container/ops.go
index efc925b3..a08a12ff 100644
--- a/container/ops.go
+++ b/container/ops.go
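Review bot: The repeat check in `AutoEtcOp.apply` (and the identical one in `AutoRootOp.apply` in container/autoroot.go) only fires when the second instance is itself being applied, so any ops ordered before it have presumably already taken effect by the time `syscall.EINVAL` is returned. If `early` runs for every op before the first `apply` (not visible in this patch), the same test-and-set could live there instead, e.g. `func (e *AutoEtcOp) early(state *setupState) error` in place of the current `return nil`, so a malformed op list is refused before any op is applied. Because `init` registers the op with gob, the list may arrive serialized rather than through the `Ops` builder, and the diffstat lists no test file; a test that applies two `AutoEtcOp`s and expects `syscall.EINVAL` would pin the rejection. Both `apply` bodies continue outside their hunks.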
@@ -24,6 +24,11 @@ const (
 intermediatePatternTmpfile = "tmp.*"
 )
+const (
+ nrAutoEtc = 1 << iota
+ nrAutoRoot
+)
+
 type (
 Ops []Op
@@ -41,6 +46,7 @@ type (
 }
 setupState struct {
+ nonrepeatable uintptr
 *Params
 }
 )
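Review bot: The new `nrAutoEtc`/`nrAutoRoot` constants and the `nonrepeatable uintptr` field added in the following `setupState` hunk carry no comment, and nothing ties the untyped constants to the field they are meant for. A comment such as `// nr* are bit flags for setupState.nonrepeatable, one per op that may be applied at most once.` above the const block, and `// nonrepeatable records which nr* ops have already been applied.` on the field, would make the invariant explicit for whoever adds the next such op. The `type (` block and `setupState` continue outside these hunks.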