daemon: delete flattenNestedWorkHome and normaliseHomeDirPerms

Both helpers are stranded: commit f068536 dropped their last callers from ensureAuthorizedKeyOnWorkDisk and seedAuthorizedKeyOnExt4Image, and commit 6ab1a2b dropped the ensureGitIdentity / runFileSync calls that still held them up. Every on-disk-patch code path now drives the ext4 image directly via MkdirExt4 / WriteExt4FileOwned / EnsureExt4RootPerms. Also drops TestFlattenNestedWorkHomeCopiesEntriesIndividually — premise gone with the function. The sshd_config_test comment referencing normaliseHomeDirPerms now points at EnsureExt4RootPerms. Net sudo reduction across the five-commit series: work-disk creation, authsync, image seeding, git identity sync, and file_sync all drop sudo entirely against user-owned ext4 files. Remaining sudo in internal/daemon is confined to firecracker process launch, tap/dm device setup, iptables/NAT, and dmsnap/fcproc — things that legitimately need CAP_SYS_ADMIN or CAP_NET_ADMIN. MountTempDir stays on exclusively as an image-build helper. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 18:33:06 -03:00 · 2026-04-23 18:33:06 -03:00 · 02773c1cf5
commit 02773c1cf5
parent 6ab1a2b844
4 changed files with 1 additions and 75 deletions
--- a/internal/daemon/vm_disk.go
+++ b/internal/daemon/vm_disk.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"

@ -177,27 +176,3 @@ func sshdGuestConfig() string {
 	}, "\n")
 }

-// flattenNestedWorkHome is a package-level helper used by the image,
-// workspace-sync, and VM-disk paths, so it takes the runner explicitly
-// rather than belonging to any one service struct.
-func flattenNestedWorkHome(ctx context.Context, runner system.CommandRunner, workMount string) error {
-	nestedHome := filepath.Join(workMount, "root")
-	if !exists(nestedHome) {
-		return nil
-	}
-	if _, err := runner.RunSudo(ctx, "chmod", "755", nestedHome); err != nil {
-		return err
-	}
-	entries, err := os.ReadDir(nestedHome)
-	if err != nil {
-		return err
-	}
-	for _, entry := range entries {
-		sourcePath := filepath.Join(nestedHome, entry.Name())
-		if _, err := runner.RunSudo(ctx, "cp", "-a", sourcePath, workMount+"/"); err != nil {
-			return err
-		}
-	}
-	_, err = runner.RunSudo(ctx, "rm", "-rf", nestedHome)
-	return err
-}