Skip to content

Fix handling of read-only source file cloning #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JAORMX merged 2 commits into from
Apr 28, 2026
Merged

Fix handling of read-only source file cloning #139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
45a1f17
Reorder error evaluation when creating snapshot
Kensan Apr 27, 2026
3691a0d
Fix cloning of read-only source files
Kensan Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions internal/infra/workspace/clone.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,8 @@ func copyFile(src, dst string) error {
// Strip setuid/setgid/sticky — only preserve rwx permissions.
mode := info.Mode().Perm()

df, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, mode)
// Open writable and change permissions after copy to handle read-only src.
df, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
if err != nil {
return fmt.Errorf("creating destination: %w", err)
}
Expand All @@ -48,7 +49,11 @@ func copyFile(src, dst string) error {
}

// Explicitly close and return any error (e.g., NFS write-back failure).
return df.Close()
if err := df.Close(); err != nil {
return err
}

return os.Chmod(dst, mode)
}

// ValidateInBounds verifies that targetPath (after resolution) is within
Expand Down
9 changes: 7 additions & 2 deletions internal/infra/workspace/clone_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,16 @@ func (c *linuxCloner) tryFiclone(src, dst string) error {
return err
}

dstFile, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, srcInfo.Mode())
// Open writable and change permissions after clone to handle read-only src.
dstFile, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
if err != nil {
return err
}
defer func() { _ = dstFile.Close() }()

return unix.IoctlFileClone(int(dstFile.Fd()), int(srcFile.Fd()))
if err := unix.IoctlFileClone(int(dstFile.Fd()), int(srcFile.Fd())); err != nil {
return err
}

return os.Chmod(dst, srcInfo.Mode().Perm())
}
6 changes: 3 additions & 3 deletions internal/infra/workspace/snapshot.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,12 +148,12 @@ func (c *FSWorkspaceCloner) CreateSnapshot(ctx context.Context, workspacePath st
// Always wait for workers to finish before cleanup runs, even if walk failed.
waitErr := g.Wait()

if err != nil {
return nil, fmt.Errorf("walking workspace: %w", err)
}
if waitErr != nil {
return nil, fmt.Errorf("cloning files: %w", waitErr)
}
if err != nil {
return nil, fmt.Errorf("walking workspace: %w", err)
}

// Write sentinel file with our PID to identify this as an active snapshot.
// The PID allows stale cleanup to distinguish dead-process snapshots from
Expand Down