Bug: Missing Error Propagation on Deferred target.Close() in copyFile leads to Corrupted Rootfs

[vedant21-oss]

Describe the bug
In pkg/unikontainers/utils.go, the copyFile helper manages transferring files via io.Copy() and leverages defer target.Close() for the destination file pointer cleanup.

Errors returned by target.Close() are currently silently swallowed. In Go, io.Copy() relies heavily on system-level buffered I/O. When caching runtime configurations or staging guest payloads into tight memory boundaries (e.g., small tmpfs partitions), the actual data flush often happens synchronously during process closure. When flushing fails (e.g. out of memory/disk space limits), target.Close() evaluates to an error. By abandoning this specific error matrix inside the defer, copyFile will erroneously return nil despite staging a truncated or corrupted file, which leads to urunc silently configuring corrupted boot components.

Proposed Solution
Refactor the function exit trajectory to explicitly invoke and validate the file pointer closure:
if err := target.Close(); err != nil {
return fmt.Errorf("failed to sync duplicated file: %w", err)
}
return nil

[cmainas]

Hello @vedant21-oss ,

thank you for opening this issue. Indeed, we do not check the result of Close(). Have you encountered any bug as the one you described (corrupted boot components)?

[vedant21-oss]

Hey @cmainas, thanks! I haven't seen it corrupt a rootfs in the wild yet. I found the missing error propagation during a static code review. Would you be open to me submitting a quick PR to fix it?