Add loader state checks for start commands.

In a normal startup sequence, StartRoot() is called on a "created"
Loader. Then StartSubcontainer() is called on a "started" Loader for
all sub-containers in the Pod.

We do not want to allow either start methods to be called on a restoring
container, otherwise, it can put the sandbox is a weird state.

PiperOrigin-RevId: 831584019

Author: ayushr2

runsc/boot/controller.go

@@ -270,6 +270,12 @@ type containerManager struct {
 // StartRoot will start the root container process.
 func (cm *containerManager) StartRoot(cid *string, _ *struct{}) error {
 	log.Debugf("containerManager.StartRoot, cid: %s", *cid)
+	cm.l.mu.Lock()
+	state := cm.l.state
+	cm.l.mu.Unlock()
+	if state != created {
+		return fmt.Errorf("sandbox is not in created state, cannot start root container: state=%s", state)
+	}
 	// Tell the root container to start and wait for the result.
 	return cm.onStart()
 }
@@ -366,6 +372,12 @@ func (cm *containerManager) StartSubcontainer(args *StartArgs, _ *struct{}) erro
 	if args.CID == "" {
 		return errors.New("start argument missing container ID")
 	}
+	cm.l.mu.Lock()
+	state := cm.l.state
+	cm.l.mu.Unlock()
+	if state != started {
+		return fmt.Errorf("sandbox is not in started state, cannot start subcontainer: state=%s", state)
+	}
 	expectedFDs := 1 // At least one FD for the root filesystem.
 	expectedFDs += args.NumGoferFilestoreFDs
 	if args.IsDevIoFilePresent {