Add Phase 0 support: mount, recognize, and validate container images by liulanze · Pull Request #708 · microsoft/azure-linux-image-tools

liulanze · 2026-04-23T22:59:59Z

Enables Image Customizer to mount and recognize container images without modifying them, laying the foundation for full support in subsequent phases. This adds distro detection via VARIANT_ID=azurecontainerlinux in os-release (with /usr/lib/os-release fallback per the os-release(5) spec), a new aclDistroHandler with specific ESP path (boot instead of boot/efi) and systemd-boot bootloader detection, and IC-specific fstab discovery at /usr/share/ic/etc/fstab for USR partition. All hardcoded EspDir usages are replaced with distroHandler.GetEspDir() via a new method on the DistroHandler interface. UKI file discovery is broadened from vmlinuz-*.efi to *.efi to support acl.efi naming, and clearBtrfsReadOnlyProperties is added to handle btrfs subvolumes sealed with ro=true at build time.

Test plan
Verified go vet and go test pass for all affected packages. Ran end-to-end no-op image customization (mount, detect as UKI boot type, output VHD) successfully. Need to verify no regression on Azure Linux 3.0 images.

Checklist

Tests added/updated
Documentation updated (if needed)
Code conforms to style guidelines

Copilot

Pull request overview

This PR adds enablement to Image Customizer by improving distro detection and making ESP/UKI discovery and mount behavior more distro-aware, so ACL images can be mounted and recognized without modification.

Changes:

Add ACL detection via VARIANT_ID=azurecontainerlinux and os-release fallback to /usr/lib/os-release.
Introduce aclDistroHandler and extend DistroHandler with GetEspDir() to remove hardcoded ESP paths.
Broaden UKI discovery to *.efi and add handling for btrfs subvolumes sealed with ro=true.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
toolkit/tools/pkg/imagecustomizerlib/partitionutils.go	Adds ACL fstab discovery path and broadens UKI file glob to `*.efi`.
toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go	Detects distro earlier and passes handler into UKI detection.
toolkit/tools/pkg/imagecustomizerlib/imageutils.go	Adds `/usr/lib/os-release` fallback and btrfs `ro` property clearing helper; threads handler into bootloader config.
toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go	Clears btrfs read-only subvolume properties early; threads handler into UKI-mode validation.
toolkit/tools/pkg/imagecustomizerlib/distrohandler_ubuntu.go	Implements `GetEspDir()` for Ubuntu handler.
toolkit/tools/pkg/imagecustomizerlib/distrohandler_fedora.go	Implements `GetEspDir()` and passes handler into shared bootloader config.
toolkit/tools/pkg/imagecustomizerlib/distrohandler_azurelinux.go	Implements `GetEspDir()` and passes handler into shared bootloader config.
toolkit/tools/pkg/imagecustomizerlib/distrohandler_acl.go	Adds new ACL distro handler (systemd-boot, ESP at `/boot`).
toolkit/tools/pkg/imagecustomizerlib/distrohandler.go	Extends `DistroHandler` interface with `GetEspDir()` and wires ACL into factory.
toolkit/tools/pkg/imagecustomizerlib/customizeuki.go	Makes ESP path distro-aware and allows non-`vmlinuz-*.efi` UKI naming.
toolkit/tools/pkg/imagecustomizerlib/customizeos.go	Threads handler into UKI extraction/cmdline helpers.
toolkit/tools/pkg/imagecustomizerlib/cosicommon.go	Makes standalone UKI entry extraction use distro ESP path.
toolkit/tools/pkg/imagecustomizerlib/bootcustomizer.go	Makes boot config type detection and UKI cmdline extraction use distro ESP path.
toolkit/tools/internal/targetos/targetos.go	Adds ACL target OS detection using `VARIANT_ID`, with `/usr/lib/os-release` fallback.
toolkit/tools/internal/osinfo/osinfo.go	Adds `/usr/lib/os-release` fallback for distro/version display.

Comments suppressed due to low confidence (1)

toolkit/tools/pkg/imagecustomizerlib/cosicommon.go:436

extractUkiEntriesIfPresent assumes kernelName is "vmlinuz-" and errors via getKernelVersion(). With the broadened UKI discovery (e.g., ACL's acl.efi), kernelName may not have the vmlinuz- prefix, which will make COSI boot metadata extraction fail. Consider tolerating non-vmlinuz names here (e.g., set Kernel to "" or to kernelName) instead of returning an error.

		efiPath := filepath.Join("/"+distroHandler.GetEspDir(), "EFI/Linux", fmt.Sprintf("%s.efi", kernelName))
		kernelVersion, err := getKernelVersion(kernelName)
		if err != nil {
			return nil, fmt.Errorf("invalid kernel name in UKI file (%s):\n%w", kernelName, err)
		}

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

bfjelds · 2026-04-24T20:06:34Z

is there a plan to support ACL in osmodifier codepaths as well? (i imagine a lot of this will apply to both IC and OSM, but am curious if OSM is in the support-ACL plans)

liulanze · 2026-04-24T20:16:04Z

is there a plan to support ACL in osmodifier codepaths as well? (i imagine a lot of this will apply to both IC and OSM, but am curious if OSM is in the support-ACL plans)

The current focus is IC support for ACL. @jiria helps to follow up please.

liulanze requested a review from a team as a code owner April 23, 2026 23:00

liulanze requested a review from Copilot April 23, 2026 23:03

Copilot started reviewing on behalf of liulanze April 23, 2026 23:04 View session

Copilot AI reviewed Apr 23, 2026

View reviewed changes

liulanze changed the title ~~Add Phase 0 ACL support: mount, recognize, and validate ACL images~~ Add Phase 0 support: mount, recognize, and validate container images Apr 24, 2026

jiria previously approved these changes Apr 24, 2026

View reviewed changes

Comment thread toolkit/tools/pkg/imagecustomizerlib/distrohandler_acl.go