succd: early refuse unsafe operations

succbone/succd/process_controller.go

@@ -1,5 +1,7 @@
 package main
 
+import "k8s.io/klog"
+
 // daemonController is the control/data interface passed on to external system
 // controllers, eg. the web interface.
 //
@@ -27,12 +29,20 @@ func (d *daemon) snapshot() *daemonState {
 func (d *daemon) rpSet(state bool) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
+	if !state && d.dpOn {
+		klog.Errorf("SAFETY: Refusing to disable roughing pump while diffusion pump is active")
+		return
+	}
 	d.rpOn = state
 }
 
 func (d *daemon) dpSet(state bool) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
+	if state && (d.safety.failsafe || d.safety.highPressure) {
+		klog.Errorf("SAFETY: Refusing to enable diffusion pump with safety alerts present")
+		return
+	}
 	d.dpOn = state
 }