From 6dd6ce1ebcdb17023f09fad93698d09408227385 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 9 Oct 2018 10:48:28 +0200
Subject: volume: resolve symlinks in paths

ensure the volume paths are resolved in the mountpoint scope.

Otherwise we might end up using host paths.

Closes: https://github.com/containers/libpod/issues/1608

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/container_internal.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 0a17996d6..9291d72c1 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/containers/buildah/imagebuildah"
 	"github.com/containers/libpod/pkg/chrootuser"
 	"github.com/containers/libpod/pkg/hooks"
 	"github.com/containers/libpod/pkg/hooks/exec"
@@ -1193,8 +1194,6 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
 			continue
 		}
 		volumePath := filepath.Join(c.config.StaticDir, "volumes", k)
-		srcPath := filepath.Join(mountPoint, k)
-
 		var (
 			uid uint32
 			gid uint32
@@ -1209,6 +1208,18 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
 			}
 		}
 
+		// Ensure the symlinks are resolved
+		resolvedSymlink, err := imagebuildah.ResolveSymLink(mountPoint, k)
+		if err != nil {
+			return errors.Wrapf(ErrCtrStateInvalid, "cannot resolve %s in %s for container %s", k, mountPoint, c.ID())
+		}
+		var srcPath string
+		if resolvedSymlink != "" {
+			srcPath = filepath.Join(mountPoint, resolvedSymlink)
+		} else {
+			srcPath = filepath.Join(mountPoint, k)
+		}
+
 		if _, err := os.Stat(srcPath); os.IsNotExist(err) {
 			logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k)
 			if err = os.MkdirAll(srcPath, 0755); err != nil {
-- 
cgit v1.2.3-54-g00ecf