From 9c1a5d43bad802aa0ad717ea603c51f7b0408cdd Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 17 Aug 2025 01:43:11 +0900 Subject: [PATCH] container: enforce nonrepeatable autoetc and autoroot These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable. Signed-off-by: Ophestra --- container/autoetc.go | 8 +++++++- container/autoroot.go | 5 +++++ container/ops.go | 6 ++++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/container/autoetc.go b/container/autoetc.go index f494d75..23b1a86 100644 --- a/container/autoetc.go +++ b/container/autoetc.go @@ -4,6 +4,7 @@ import ( "encoding/gob" "fmt" "os" + "syscall" ) func init() { gob.Register(new(AutoEtcOp)) } @@ -21,7 +22,12 @@ func (f *Ops) Etc(host *Absolute, prefix string) *Ops { type AutoEtcOp struct{ Prefix string } func (e *AutoEtcOp) early(*setupState) error { return nil } -func (e *AutoEtcOp) apply(*setupState) error { +func (e *AutoEtcOp) apply(state *setupState) error { + if state.nonrepeatable&nrAutoEtc != 0 { + return msg.WrapErr(syscall.EINVAL, "autoetc is not repeatable") + } + state.nonrepeatable |= nrAutoEtc + const target = sysrootPath + FHSEtc rel := e.hostRel() + "/" diff --git a/container/autoroot.go b/container/autoroot.go index b155145..215a7bb 100644 --- a/container/autoroot.go +++ b/container/autoroot.go @@ -56,6 +56,11 @@ func (r *AutoRootOp) early(state *setupState) error { } func (r *AutoRootOp) apply(state *setupState) error { + if state.nonrepeatable&nrAutoRoot != 0 { + return msg.WrapErr(syscall.EINVAL, "autoroot is not repeatable") + } + state.nonrepeatable |= nrAutoRoot + for _, op := range r.resolved { msg.Verbosef("%s %s", op.prefix(), op) if err := op.apply(state); err != nil { diff --git a/container/ops.go b/container/ops.go index efc925b..a08a12f 100644 --- a/container/ops.go +++ b/container/ops.go @@ -24,6 +24,11 @@ const ( intermediatePatternTmpfile = "tmp.*" ) +const ( + nrAutoEtc = 1 << iota + nrAutoRoot +) + type ( Ops []Op @@ -41,6 +46,7 @@ type ( } setupState struct { + nonrepeatable uintptr *Params } )