From 15170735badf9c8c8f13840efcb70bf7ba192b4d Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Sun, 3 Aug 2025 18:06:41 +0900
Subject: [PATCH] container/mount: move tmpfs sysroot prefixing to caller

The mountTmpfs helper is a relatively low level function that is not exposed as part of the API. Prefixing sysroot here not only introduces overhead but is also quite error-prone.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 container/mount.go | 7 ++++---
 container/ops.go   | 5 ++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/container/mount.go b/container/mount.go
index fc0e177..30ef700 100644
--- a/container/mount.go
+++ b/container/mount.go
@@ -160,8 +160,9 @@ func remountWithFlags(n *vfs.MountInfoNode, mf uintptr) error {
 	return nil
 }
 
-func mountTmpfs(fsname, name string, flags uintptr, size int, perm os.FileMode) error {
-	target := toSysroot(name)
+// mountTmpfs mounts tmpfs on target;
+// callers who wish to mount to sysroot must pass the return value of toSysroot.
+func mountTmpfs(fsname, target string, flags uintptr, size int, perm os.FileMode) error {
 	if err := os.MkdirAll(target, parentPerm(perm)); err != nil {
 		return wrapErrSelf(err)
 	}
@@ -171,7 +172,7 @@ func mountTmpfs(fsname, name string, flags uintptr, size int, perm os.FileMode)
 	}
 	return wrapErrSuffix(
 		Mount(fsname, target, FstypeTmpfs, flags, opt),
-		fmt.Sprintf("cannot mount tmpfs on %q:", name))
+		fmt.Sprintf("cannot mount tmpfs on %q:", target))
 }
 
 func parentPerm(perm os.FileMode) os.FileMode {
diff --git a/container/ops.go b/container/ops.go
index b25f320..b8d287f 100644
--- a/container/ops.go
+++ b/container/ops.go
@@ -190,13 +190,12 @@ type MountDevOp string
 func (d MountDevOp) early(*Params) error { return nil }
 func (d MountDevOp) apply(params *Params) error {
 	v := string(d)
-
 	if !path.IsAbs(v) {
 		return msg.WrapErr(EBADE, fmt.Sprintf("path %q is not absolute", v))
 	}
 	target := toSysroot(v)
 
-	if err := mountTmpfs(SourceTmpfsDevtmpfs, v, MS_NOSUID|MS_NODEV, 0, params.ParentPerm); err != nil {
+	if err := mountTmpfs(SourceTmpfsDevtmpfs, target, MS_NOSUID|MS_NODEV, 0, params.ParentPerm); err != nil {
 		return err
 	}
 
@@ -332,7 +331,7 @@ func (t *MountTmpfsOp) apply(*Params) error {
 	if t.Size < 0 || t.Size > math.MaxUint>>1 {
 		return msg.WrapErr(EBADE, fmt.Sprintf("size %d out of bounds", t.Size))
 	}
-	return mountTmpfs(t.FSName, t.Path, t.Flags, t.Size, t.Perm)
+	return mountTmpfs(t.FSName, toSysroot(t.Path), t.Flags, t.Size, t.Perm)
 }
 
 func (t *MountTmpfsOp) Is(op Op) bool  { vt, ok := op.(*MountTmpfsOp); return ok && *t == *vt }