Handle direct home mounts without symlink indirection

Wuodan · Wuodan · commit 187d5be47c09 · 2026-02-26T18:48:54.000+01:00
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
@@ -10,8 +10,6 @@ set -euo pipefail
 # - AICAGE_HOME: posix host home path
 # - AICAGE_HOST_IS_LINUX: set to non-empty on Linux hosts; empty otherwise
 
-AICAGE_USER_HOME_MOUNTS_DIR="/aicage/user-home"
-
 AICAGE_WORKSPACE="${AICAGE_WORKSPACE:-/workspace}"
 
 if [[ -z "${AICAGE_HOST_IS_LINUX:-}" ]]; then
@@ -40,32 +38,6 @@ is_mountpoint() {
   [ "$(stat -c %d "$path" 2>/dev/null)" != "$(stat -c %d "$parent" 2>/dev/null)" ]
 }
 
-is_within_mountpoint() {
-  local path="$1"
-  local mountinfo mount_point
-  mountinfo="/proc/self/mountinfo"
-  if [ -r "${mountinfo}" ]; then
-    while IFS= read -r mount_point; do
-      if [[ "${path}" == "${mount_point}" || "${path}" == "${mount_point}/"* ]]; then
-        return 0
-      fi
-    done < <(awk '{print $5}' "${mountinfo}")
-    return 1
-  fi
-  local current
-  current="$path"
-  while true; do
-    if [ -e "$current" ] && is_mountpoint "$current"; then
-      return 0
-    fi
-    if [ "$current" = "/" ]; then
-      break
-    fi
-    current="$(dirname "$current")"
-  done
-  return 1
-}
-
 ensure_home_is_not_mounted() {
   local path="$1"
   local current
@@ -82,28 +54,6 @@ ensure_home_is_not_mounted() {
   done
 }
 
-replace_symlink() {
-  local target_path="$1"
-  local link_path="$2"
-  local resolved_path
-
-  resolved_path="$link_path"
-  if [[ -e "${link_path}" || -L "${link_path}" ]]; then
-    resolved_path="$(readlink -f "${link_path}" 2>/dev/null || printf "%s" "${link_path}")"
-  fi
-  if is_within_mountpoint "$resolved_path"; then
-    return 0
-  fi
-
-  if [[ -e "${link_path}" || -L "${link_path}" ]]; then
-    local timestamp backup_path
-    timestamp="$(date +%Y%m%d%H%M%S%N)"
-    backup_path="${link_path}.${timestamp}"
-    mv "${link_path}" "${backup_path}"
-  fi
-  ln -sfn "${target_path}" "${link_path}"
-}
-
 copy_skel_if_safe() {
   local home_dir="$1"
   local uid="$2"
@@ -141,34 +91,92 @@ set_target_env() {
 }
 
 list_home_mount_points() {
-  local mountinfo
+  local mountinfo line mount_point
   mountinfo="/proc/self/mountinfo"
   [ -r "${mountinfo}" ] || return 0
-  # /proc/self/mountinfo format:
-  # field 5 is the mount point path
-  # we only want mount points under /aicage/user-home
-  awk -v base="${AICAGE_USER_HOME_MOUNTS_DIR}" '$5 ~ "^"base {print $5}' "${mountinfo}"
+
+  while IFS= read -r line; do
+    set -- ${line}
+    mount_point="$5"
+    if [[ "${mount_point}" == "${AICAGE_HOME}" || "${mount_point}" == "${AICAGE_HOME}/"* ]]; then
+      printf '%s\n' "${mount_point}"
+    fi
+  done < "${mountinfo}" | sort -u
 }
 
-setup_home_mount_links() {
-  local rel_path mount_point host_link root_link
-  [ -d "${AICAGE_USER_HOME_MOUNTS_DIR}" ] || return 0
+normalize_mount_path() {
+  local path="$1"
+  if [ -d "${path}" ]; then
+    printf '%s/\n' "${path%/}"
+  else
+    printf '%s\n' "${path}"
+  fi
+}
 
-  while IFS= read -r mount_point; do
-    if [[ "${mount_point}" == "${AICAGE_USER_HOME_MOUNTS_DIR}" ]]; then
-      continue
-    fi
-    rel_path="${mount_point#${AICAGE_USER_HOME_MOUNTS_DIR}/}"
-    host_link="${AICAGE_HOME}/${rel_path}"
-    mkdir -p "$(dirname "${host_link}")"
-    replace_symlink "${mount_point}" "${host_link}"
-
-    if [[ -z "${AICAGE_HOST_IS_LINUX:-}" ]]; then
-      root_link="${TARGET_HOME}/${rel_path}"
-      mkdir -p "$(dirname "${root_link}")"
-      replace_symlink "${mount_point}" "${root_link}"
+filter_nested_mount_points() {
+  local i j
+  local is_nested
+  local -a mount_points
+
+  mount_points=("$@")
+  for i in "${!mount_points[@]}"; do
+    mount_points[i]="$(normalize_mount_path "${mount_points[i]}")"
+  done
+
+  for i in "${!mount_points[@]}"; do
+    [ -n "${mount_points[i]}" ] || continue
+    is_nested=0
+    for j in "${!mount_points[@]}"; do
+      [ -n "${mount_points[j]}" ] || continue
+      if [[ "${i}" -eq "${j}" ]]; then
+        continue
+      fi
+      if [[ "${mount_points[i]}" == "${mount_points[j]}"* ]]; then
+        is_nested=1
+        break
+      fi
+    done
+    if [[ "${is_nested}" -eq 0 ]]; then
+      printf '%s\n' "${mount_points[i]}"
     fi
-  done < <(list_home_mount_points)
+  done
+}
+
+ensure_home_mount_parents_owned() {
+  local uid="$1"
+  local gid="$2"
+  local current mount_point
+  local -a mount_points mount_points_filtered
+  local -A visited_dirs
+  mapfile -t mount_points < <(list_home_mount_points)
+  mapfile -t mount_points_filtered < <(filter_nested_mount_points "${mount_points[@]}")
+  visited_dirs=()
+
+  if [ -d "${AICAGE_HOME}" ] && ! is_mountpoint "${AICAGE_HOME}"; then
+    chown "${uid}:${gid}" "${AICAGE_HOME}"
+  fi
+
+  for mount_point in "${mount_points_filtered[@]}"; do
+    current="$(dirname "${mount_point}")"
+    while [[ "${current}" == "${AICAGE_HOME}" || "${current}" == "${AICAGE_HOME}/"* ]]; do
+      if [[ "${current}" == "${AICAGE_HOME}" ]]; then
+        break
+      fi
+      if [[ -n "${visited_dirs[$current]:-}" ]]; then
+        current="$(dirname "${current}")"
+        continue
+      fi
+      visited_dirs["$current"]=1
+      if is_mountpoint "${current}"; then
+        current="$(dirname "${current}")"
+        continue
+      fi
+      if [ -d "${current}" ]; then
+        chown "${uid}:${gid}" "${current}"
+      fi
+      current="$(dirname "${current}")"
+    done
+  done
 }
 
 setup_user_and_group() {
@@ -193,7 +201,11 @@ setup_user_and_group() {
     groupadd -g "${AICAGE_GID}" "${TARGET_USER}"
   fi
 
-  useradd --create-home -u "${AICAGE_UID}" -g "${AICAGE_GID}" -d "${AICAGE_HOME}" -s /bin/bash "${TARGET_USER}"
+  if [[ -d "${AICAGE_HOME}" ]]; then
+    useradd --no-create-home -u "${AICAGE_UID}" -g "${AICAGE_GID}" -d "${AICAGE_HOME}" -s /bin/bash "${TARGET_USER}"
+  else
+    useradd --create-home -u "${AICAGE_UID}" -g "${AICAGE_GID}" -d "${AICAGE_HOME}" -s /bin/bash "${TARGET_USER}"
+  fi
   TARGET_HOME="${AICAGE_HOME}"
 
   copy_skel_if_safe "${AICAGE_HOME}" "${AICAGE_UID}" "${AICAGE_GID}"
@@ -224,14 +236,10 @@ setup_docker_group() {
 }
 
 setup_workspace() {
-  if [ -e "${AICAGE_WORKSPACE}" ]; then
+  if [ -e "${AICAGE_WORKSPACE}" ] && ! is_mountpoint "${AICAGE_WORKSPACE}"; then
     chown "${AICAGE_UID}:${AICAGE_GID}" "${AICAGE_WORKSPACE}"
   fi
-  if [ -d "${TARGET_HOME}" ]; then
-    if ! is_mountpoint "/home" && ! is_mountpoint "${TARGET_HOME}"; then
-      chown "${AICAGE_UID}:${AICAGE_GID}" "${TARGET_HOME}"
-    fi
-  fi
+  ensure_home_mount_parents_owned "${AICAGE_UID}" "${AICAGE_GID}"
 }
 
 ensure_home_is_not_mounted "/home"
@@ -247,7 +255,6 @@ else
 fi
 
 ensure_home_is_not_mounted "${AICAGE_HOME}"
-setup_home_mount_links
 set_target_env "${TARGET_HOME}" "${TARGET_USER}"
 
 if [[ ! -e "${AICAGE_WORKSPACE}" ]]; then
diff --git a/tests/smoke/default/90-entrypoint-user.bats b/tests/smoke/default/90-entrypoint-user.bats
@@ -84,3 +84,29 @@
   [ "${user}" = "root" ]
   [ "${home}" = "/root" ]
 }
+
+@test "existing home directory is reused for target user" {
+  run docker run --rm \
+    --env AICAGE_WORKSPACE=/workspace \
+    --entrypoint /bin/bash \
+    --env AICAGE_HOST_IS_LINUX=true \
+    --env AICAGE_UID=2234 \
+    --env AICAGE_GID=3234 \
+    --env AICAGE_HOST_USER=demo \
+    --env AICAGE_HOME=/home/demo \
+    "${AICAGE_IMAGE_BASE_IMAGE}" \
+    -c '
+      set -euo pipefail
+      mkdir -p /home/demo
+      chown 0:0 /home/demo
+      /usr/local/bin/entrypoint.sh -c "set -euo pipefail; echo \"\$(id -u):\$(id -g):\${HOME}:\$(stat -c %u:%g /home/demo)\""
+    '
+  [ "$status" -eq 0 ]
+  result="$(printf '%s\n' "${output}" | tail -n 1)"
+  IFS=':' read -r uid gid home home_uid home_gid <<<"${result}"
+  [ "${uid}" -eq 2234 ]
+  [ "${gid}" -eq 3234 ]
+  [ "${home}" = "/home/demo" ]
+  [ "${home_uid}" -eq 2234 ]
+  [ "${home_gid}" -eq 3234 ]
+}
diff --git a/tests/smoke/default/91-entrypoint-mounts.bats b/tests/smoke/default/91-entrypoint-mounts.bats
