From 1c9edb95f8095bd9b69d9a21fc49b2175d778701 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Tue, 31 Mar 2026 20:49:34 -0300
Subject: [PATCH] service: tighten flash device safety
---
 cmd/metis/remote_cmd.go | 52 +++++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 10 deletions(-)
diff --git a/cmd/metis/remote_cmd.go b/cmd/metis/remote_cmd.go
index f02a01e..5dd5ab5 100644
--- a/cmd/metis/remote_cmd.go
+++ b/cmd/metis/remote_cmd.go
@@ -195,14 +195,18 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 }
 var payload struct {
 Blockdevices []struct {
- Name string `json:"name"`
- Path string `json:"path"`
- RM bool `json:"rm"`
- Hotplug bool `json:"hotplug"`
- Size any `json:"size"`
- Model string `json:"model"`
- Tran string `json:"tran"`
- Type string `json:"type"`
+ Name string `json:"name"`
+ Path string `json:"path"`
+ RM bool `json:"rm"`
+ Hotplug bool `json:"hotplug"`
+ Size any `json:"size"`
+ Model string `json:"model"`
+ Tran string `json:"tran"`
+ Type string `json:"type"`
+ Mountpoint string `json:"mountpoint"`
+ Children []struct {
+ Mountpoint string `json:"mountpoint"`
+ } `json:"children"`
 } `json:"blockdevices"`
 }
 if err := json.Unmarshal(out, &payload); err != nil {
@@ -223,7 +227,13 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 if size <= 0 || size > maxBytes {
 continue
 }
- if dev.Tran != "usb" && !dev.RM && !dev.Hotplug {
+ if dev.Tran != "usb" && !dev.RM {
+ continue
+ }
+ if strings.TrimSpace(dev.Mountpoint) != "" {
+ continue
+ }
+ if hasMountedChildren(dev.Children) {
 continue
 }
 devices = append(devices, service.Device{
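Review bot: The new `Children` field decodes only one level below each block device, so a mountpoint on a grandchild is never seen. lsblk's JSON nests `children` to any depth, and a partition that holds a mounted LUKS or LVM volume reports the mountpoint on the mapped device rather than on the partition. Such a disk would still pass the filter this commit adds and be listed as a flash target. A named recursive node type, walked recursively by `hasMountedChildren` (added in the last hunk of this patch), closes the gap; the payload field then becomes `Children []lsblkNode`.

```go
// lsblkNode is one entry below a block device in lsblk's JSON tree;
// children nest to any depth (partition -> crypt/LVM mapping -> ...).
type lsblkNode struct {
	Mountpoint string      `json:"mountpoint"`
	Children   []lsblkNode `json:"children"`
}

// hasMountedChildren reports whether any descendant carries a mountpoint.
func hasMountedChildren(children []lsblkNode) bool {
	for _, child := range children {
		if strings.TrimSpace(child.Mountpoint) != "" || hasMountedChildren(child.Children) {
			return true
		}
	}
	return false
}
```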
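Review bot: Both new mount checks treat a missing `mountpoint` key exactly like an unmounted device, because an absent or null JSON value decodes to the empty string. The lsblk invocation is outside this hunk, so confirm that its column list requests MOUNTPOINT; if it does not, the guard silently passes every device. A comment above the checks, for example `// requires MOUNTPOINT in the lsblk column list; empty means "not mounted"`, would record that dependency. The filter also runs only when devices are listed, so the write path (not visible here) should presumably re-check mount state just before opening the device. localFlashDevices starts and ends outside the hunk.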
@@ -243,7 +253,7 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 Model: "Host /tmp",
 Transport: "test",
 Type: "file",
- Note: fmt.Sprintf("Test-only host write target under %s", hostTmpDir),
+ Note: fmt.Sprintf("Test-only host write target under %s", humanHostPath(hostTmpDir)),
 Removable: false,
 Hotplug: false,
 SizeBytes: 1,
@@ -340,6 +350,28 @@ func resolvePulledArtifact(dir string) (string, bool, error) {
 return "", false, fmt.Errorf("no .img or .img.xz artifact found in %s", dir)
 }
 
+func hasMountedChildren(children []struct {
+ Mountpoint string `json:"mountpoint"`
+}) bool {
+ for _, child := range children {
+ if strings.TrimSpace(child.Mountpoint) != "" {
+ return true
+ }
+ }
+ return false
+}
+
+func humanHostPath(path string) string {
+ path = strings.TrimSpace(path)
+ if strings.HasPrefix(path, "/host-tmp/") {
+ return "/" + strings.TrimPrefix(path, "/host-tmp/")
+ }
+ if path == "/host-tmp" {
+ return "/tmp"
+ }
+ return path
+}
+
 func getenvOr(key, fallback string) string {
 value := strings.TrimSpace(os.Getenv(key))
 if value == "" {
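Review bot: `humanHostPath` maps its two cases inconsistently: `/host-tmp` becomes `/tmp`, but `/host-tmp/foo` becomes `/foo`, dropping the `tmp` component. If `/host-tmp` is the host's `/tmp`, as the bare case and the "Host /tmp" label in the previous hunk suggest, the prefix branch should be `return "/tmp/" + strings.TrimPrefix(path, "/host-tmp/")`. As written, the note shown to the operator can name a location other than where the write lands. Both new helpers also lack doc comments; for this one, `// humanHostPath rewrites a /host-tmp path to the host path shown in device notes.` would do.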