Skip to content

Bug: Missing Error Propagation on Deferred target.Close() in copyFile leads to Corrupted Rootfs #566

@vedant21-oss

Description

@vedant21-oss

Describe the bug
In pkg/unikontainers/utils.go, the copyFile helper manages transferring files via io.Copy() and leverages defer target.Close() for the destination file pointer cleanup.

Errors returned by target.Close() are currently silently swallowed. In Go, io.Copy() relies heavily on system-level buffered I/O. When caching runtime configurations or staging guest payloads into tight memory boundaries (e.g., small tmpfs partitions), the actual data flush often happens synchronously during process closure. When flushing fails (e.g. out of memory/disk space limits), target.Close() evaluates to an error. By abandoning this specific error matrix inside the defer, copyFile will erroneously return nil despite staging a truncated or corrupted file, which leads to urunc silently configuring corrupted boot components.

Proposed Solution
Refactor the function exit trajectory to explicitly invoke and validate the file pointer closure:
if err := target.Close(); err != nil {
return fmt.Errorf("failed to sync duplicated file: %w", err)
}
return nil

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions