From b267ea47038168acf40b28a403309da32e223aef Mon Sep 17 00:00:00 2001
From: "Brian C. Lane"
Date: Tue, 23 Jan 2024 15:39:59 -0800
Subject: [PATCH] Check blueprint mountpoints against OSTree mountpoint policies

This requires a new release of images that exposes the policies package.
---
 bib/cmd/bootc-image-builder/image.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bib/cmd/bootc-image-builder/image.go b/bib/cmd/bootc-image-builder/image.go
index 00bc0b59..0601a73c 100644
--- a/bib/cmd/bootc-image-builder/image.go
+++ b/bib/cmd/bootc-image-builder/image.go
@@ -15,6 +15,7 @@ import (
 "github.com/osbuild/images/pkg/image"
 "github.com/osbuild/images/pkg/manifest"
 "github.com/osbuild/images/pkg/platform"
+ "github.com/osbuild/images/pkg/policies"
 "github.com/osbuild/images/pkg/rpmmd"
 "github.com/osbuild/images/pkg/runner"
 )
@@ -106,6 +107,11 @@ func manifestForDiskImage(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest
 img.KernelOptionsAppend = append(img.KernelOptionsAppend, kopts.Append)
 }
 
+ // Check the filesystem customizations against the policy
+ if err := blueprint.CheckMountpointsPolicy(customizations.GetFilesystems(), policies.OstreeMountpointPolicies); err != nil {
+ return nil, err
+ }
+
 basept, ok := partitionTables[c.Architecture.String()]
 if !ok {
 return nil, fmt.Errorf("pipelines: no partition tables defined for %s", c.Architecture)
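Review bot: The policy error in the second hunk is returned bare (`return nil, err`), so a user whose blueprint is rejected sees only what `CheckMountpointsPolicy` reports, with nothing tying it to the blueprint's filesystem customizations. The neighbouring `fmt.Errorf("pipelines: ...")` already sets the pattern; something like `return nil, fmt.Errorf("blueprint filesystem customizations rejected by OSTree mountpoint policy: %w", err)` keeps the cause and names the gate. Since this call appears to be the only check between user-supplied mountpoints and the partition table, a test with a disallowed mountpoint would pin that the function fails closed. Any other manifest builder that accepts filesystem customizations would need the same call, though none is visible here. `customizations` is defined outside the hunk, so this assumes `GetFilesystems()` is safe on a nil receiver; `manifestForDiskImage` starts and ends outside the hunk.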