Relax mountpoint policy to allow arbitrary custom paths

Any path, which is not explicitly disallowed, can now be specified as a separate mountpoint. Signed-off-by: Tomáš Hozza <[email protected]>
osbuild · Oct 20, 2023 · 319aded · 319aded
1 parent 8c6a7e3
commit 319aded
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 14 deletions.
diff --git a/internal/pathpolicy/policies.go b/internal/pathpolicy/policies.go
@@ -2,20 +2,12 @@ package pathpolicy
 
 // MountpointPolicies is a set of default mountpoint policies used for filesystem customizations
 var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
-	"/":     {Exact: true},
-	"/boot": {Exact: true},
-	"/var":  {},
-	"/opt":  {},
-	"/srv":  {},
+	"/": {},
 	// /etc must be on the root filesystem
 	"/etc": {Deny: true},
 	// NB: any mountpoints under /usr are not supported by systemd fstab
 	// generator in initram before the switch-root, so we don't allow them.
-	"/usr":  {Exact: true},
-	"/app":  {},
-	"/data": {},
-	"/home": {},
-	"/tmp":  {},
+	"/usr": {Exact: true},
 	// API filesystems
 	"/sys":  {Deny: true},
 	"/proc": {Deny: true},

diff --git a/internal/pathpolicy/policies_test.go b/internal/pathpolicy/policies_test.go
@@ -12,22 +12,25 @@ func TestMountpointPolicies(t *testing.T) {
 		{"/", true},
 
 		{"/bin", false},
-		{"/custom", false},
 		{"/dev", false},
 		{"/etc", false},
 		{"/lib", false},
 		{"/lib64", false},
 		{"/lost+found", false},
-		{"/mnt", false},
 		{"/proc", false},
-		{"/root", false},
 		{"/run", false},
 		{"/sbin", false},
 		{"/sys", false},
 		{"/sysroot", false},
 
+		{"/mnt", true},
+		{"/root", true},
+
+		{"/custom", true},
+		{"/custom/dir", true},
+
 		{"/boot", true},
-		{"/boot/dir", false},
+		{"/boot/dir", true},
 		{"/boot/efi", false},
 
 		{"/var", true},