From 6dd6ce1ebcdb17023f09fad93698d09408227385 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 9 Oct 2018 10:48:28 +0200 Subject: volume: resolve symlinks in paths ensure the volume paths are resolved in the mountpoint scope. Otherwise we might end up using host paths. Closes: https://github.com/containers/libpod/issues/1608 Signed-off-by: Giuseppe Scrivano --- libpod/container_internal.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 0a17996d6..9291d72c1 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -13,6 +13,7 @@ import ( "strings" "syscall" + "github.com/containers/buildah/imagebuildah" "github.com/containers/libpod/pkg/chrootuser" "github.com/containers/libpod/pkg/hooks" "github.com/containers/libpod/pkg/hooks/exec" @@ -1193,8 +1194,6 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator) continue } volumePath := filepath.Join(c.config.StaticDir, "volumes", k) - srcPath := filepath.Join(mountPoint, k) - var ( uid uint32 gid uint32 @@ -1209,6 +1208,18 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator) } } + // Ensure the symlinks are resolved + resolvedSymlink, err := imagebuildah.ResolveSymLink(mountPoint, k) + if err != nil { + return errors.Wrapf(ErrCtrStateInvalid, "cannot resolve %s in %s for container %s", k, mountPoint, c.ID()) + } + var srcPath string + if resolvedSymlink != "" { + srcPath = filepath.Join(mountPoint, resolvedSymlink) + } else { + srcPath = filepath.Join(mountPoint, k) + } + if _, err := os.Stat(srcPath); os.IsNotExist(err) { logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k) if err = os.MkdirAll(srcPath, 0755); err != nil { -- cgit v1.2.3-54-g00ecf