Reject non-empty directories for new WSLC session storage#40655
Reject non-empty directories for new WSLC session storage#40655beena352 wants to merge 12 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a wslcsession marker-file convention at the root of a WSLC session storage directory so the service can distinguish directories it owns from arbitrary user content, and rejects new session creation into a non-empty, unmarked directory. Also wires IErrorInfo/COMServiceExecutionContext through the per-user WSLCSessionFactory and WSLCSessionManager so the user-facing rejection message reaches the CLI/test caller.
Changes:
- Add
EnsureSessionMarkerhelper inWSLCSession::ConfigureStorage(new sessions require empty dir + stamp marker; existing VHD paths get a legacy upgrade stamp). - Add
ISupportErrorInfo+COMServiceExecutionContexttoWSLCSessionFactoryand propagateIErrorInfofrom factory to caller inWSLCSessionManagerImpl::CreateSession; addISupportErrorInfotoWSLCSessionManager. - Add API-level and e2e tests for marker rejection and legacy auto-upgrade; add localized
MessageWslcSessionStorageMustBeEmpty.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/windows/wslcsession/WSLCSession.cpp | New EnsureSessionMarker helper and wiring into ConfigureStorage for new/existing storage paths. |
| src/windows/wslcsession/WSLCSessionFactory.cpp | Establish COMServiceExecutionContext around CreateSession and implement InterfaceSupportsErrorInfo. |
| src/windows/wslcsession/WSLCSessionFactory.h | Add ISupportErrorInfo base and method declaration. |
| src/windows/service/exe/WSLCSessionManager.cpp | Inspect IErrorInfo after factory failure and re-throw with user-facing message; implement InterfaceSupportsErrorInfo. |
| src/windows/service/exe/WSLCSessionManager.h | Add ISupportErrorInfo base and method declaration. |
| test/windows/WSLCTests.cpp | New API-level cases: non-empty dir rejection and wslcsession-as-directory rejection with COM error validation. |
| test/windows/wslc/e2e/WSLCE2ESessionEnterTests.cpp | E2E test verifying marker creation on default session and legacy auto-upgrade. |
| localization/strings/en-US/Resources.resw | New MessageWslcSessionStorageMustBeEmpty localized string. |
OneBlue
left a comment
OneBlue
left a comment
There was a problem hiding this comment.
I think refusing to create a session storage if the directory is non-empty makes sense (although I worry a bit about this putting us in a corner, like if there's ever a thumdb.db, desktop.ini or similar file created, this could "lock a user out" of using that folder permanently)
I'm not sure about the marker file though. Whenever we create a storage folder, we always create a storage VHD, so could we use that directly instead ?
…slc-session-storage-marker
…eenachauhan/wslc-session-storage-marker
beena352
changed the title
| THROW_HR_WITH_USER_ERROR(factoryHr, comError->Message.get()); | ||
| } | ||
|
|
||
| THROW_IF_FAILED(factoryHr); |
There was a problem hiding this comment.
nit: This could be changed to just THROW_HR, since we know it's a failed HRESULT
| // Only check emptiness for new sessions. Existing sessions are identified by their VHD. | ||
| if (!vhdExists) | ||
| { | ||
| const bool isDir = std::filesystem::is_directory(storagePath, ec); |
There was a problem hiding this comment.
Could we always call is_empty, and look at is_empty's error on failure so we don't need to specifically handle the isDir vs !isDir case ourselves ?
| }; | ||
|
|
||
| std::error_code ec; | ||
| const auto vhdPath = storagePath / c_storageVhdFilename; |
There was a problem hiding this comment.
nit: We could set m_storageVhdPath here so we don't need to duplicate this in ConfigureStorage()
There was a problem hiding this comment.
Asking because I think we should keep that logic in ConfigureStorage if possible, because there we already check if the VHD exists or not, so we could have the logic to fail if the directory is not empty there, which should help simplify this
| TraceLoggingValue(m_displayName.c_str(), "DisplayName"), | ||
| TraceLoggingValue(Settings->CreatorPid, "CreatorPid")); | ||
|
|
||
| // Validate storage path before creating VM resources (Terminate() would clobber the error). |
There was a problem hiding this comment.
What causes Terminate() to clobber the error in that case ?
Summary of the Pull Request
Prevent users from accidentally reusing existing non-empty directories as WSLC session storage. For new sessions, validate that the storage directory is either empty or non-existent. Existing sessions identified by their storage.vhdx VHD bypass this check, so users can re-enter sessions freely even if additional files are present in the storage directory.
PR Checklist
Detailed Description of the Pull Request / Additional comments
Validate session storage paths at initialization time:
This prevents data loss by ensuring new sessions don't accidentally overwrite unrelated user files placed in the storage directory. Once a session is created (VHD exists), the directory can contain other files without blocking re-entry.
Validation Steps Performed