From 33940265a6c193fe024ad11b8c61a2869ef858d9 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Tue, 25 Mar 2025 19:30:53 +0900
Subject: [PATCH] sandbox: do not ensure symlink target

This masks EEXIST on target and might clobber filesystems and lead to other confusing behaviour. Create its parent instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 sandbox/sequential.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/sandbox/sequential.go b/sandbox/sequential.go
index d072962..5e42176 100644
--- a/sandbox/sequential.go
+++ b/sandbox/sequential.go
@@ -303,10 +303,7 @@ func (l *Symlink) apply(*Params) error {
 	}
 
 	target := toSysroot(l[1])
-	if err := ensureFile(target, 0444, 0755); err != nil {
-		return err
-	}
-	if err := os.Remove(target); err != nil {
+	if err := os.MkdirAll(path.Dir(target), 0755); err != nil {
 		return msg.WrapErr(err, err.Error())
 	}
 	if err := os.Symlink(l[0], target); err != nil {