service: tighten flash device safety

2026-03-31 20:49:34 -03:00 · 2026-03-31 20:49:34 -03:00 · 1c9edb95f8
commit 1c9edb95f8
parent a148e77335
1 changed files with 42 additions and 10 deletions
--- a/cmd/metis/remote_cmd.go
+++ b/cmd/metis/remote_cmd.go
@ -203,6 +203,10 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 			Model      string `json:"model"`
 			Tran       string `json:"tran"`
 			Type       string `json:"type"`
+			Mountpoint string `json:"mountpoint"`
+			Children   []struct {
+				Mountpoint string `json:"mountpoint"`
+			} `json:"children"`
 		} `json:"blockdevices"`
 	}
 	if err := json.Unmarshal(out, &payload); err != nil {
@ -223,7 +227,13 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 		if size <= 0 || size > maxBytes {
 			continue
 		}
-		if dev.Tran != "usb" && !dev.RM && !dev.Hotplug {
+		if dev.Tran != "usb" && !dev.RM {
+			continue
+		}
+		if strings.TrimSpace(dev.Mountpoint) != "" {
+			continue
+		}
+		if hasMountedChildren(dev.Children) {
 			continue
 		}
 		devices = append(devices, service.Device{
@ -243,7 +253,7 @@ func localFlashDevices(maxBytes int64, hostTmpDir string) ([]service.Device, err
 		Model:     "Host /tmp",
 		Transport: "test",
 		Type:      "file",
-		Note:      fmt.Sprintf("Test-only host write target under %s", hostTmpDir),
+		Note:      fmt.Sprintf("Test-only host write target under %s", humanHostPath(hostTmpDir)),
 		Removable: false,
 		Hotplug:   false,
 		SizeBytes: 1,
@ -340,6 +350,28 @@ func resolvePulledArtifact(dir string) (string, bool, error) {
 	return "", false, fmt.Errorf("no .img or .img.xz artifact found in %s", dir)
 }

+func hasMountedChildren(children []struct {
+	Mountpoint string `json:"mountpoint"`
+}) bool {
+	for _, child := range children {
+		if strings.TrimSpace(child.Mountpoint) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func humanHostPath(path string) string {
+	path = strings.TrimSpace(path)
+	if strings.HasPrefix(path, "/host-tmp/") {
+		return "/" + strings.TrimPrefix(path, "/host-tmp/")
+	}
+	if path == "/host-tmp" {
+		return "/tmp"
+	}
+	return path
+}
+
 func getenvOr(key, fallback string) string {
 	value := strings.TrimSpace(os.Getenv(key))
 	if value == "" {