volume: resolve symlinks in paths

ensure the volume paths are resolved in the mountpoint scope. Otherwise we might end up using host paths. Closes: https://github.com/containers/libpod/issues/1608 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-10-09 10:48:28 +02:00 · 2018-10-09 10:48:28 +02:00 · 6dd6ce1ebc
parent 2ad6012ea1
commit 6dd6ce1ebc
1 changed files with 13 additions and 2 deletions
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@ -13,6 +13,7 @@ import (
 	"strings"
 	"syscall"

+	"github.com/containers/buildah/imagebuildah"
 	"github.com/containers/libpod/pkg/chrootuser"
 	"github.com/containers/libpod/pkg/hooks"
 	"github.com/containers/libpod/pkg/hooks/exec"
@ -1193,8 +1194,6 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
 			continue
 		}
 		volumePath := filepath.Join(c.config.StaticDir, "volumes", k)
-		srcPath := filepath.Join(mountPoint, k)
-
 		var (
 			uid uint32
 			gid uint32
@ -1209,6 +1208,18 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
 			}
 		}

+		// Ensure the symlinks are resolved
+		resolvedSymlink, err := imagebuildah.ResolveSymLink(mountPoint, k)
+		if err != nil {
+			return errors.Wrapf(ErrCtrStateInvalid, "cannot resolve %s in %s for container %s", k, mountPoint, c.ID())
+		}
+		var srcPath string
+		if resolvedSymlink != "" {
+			srcPath = filepath.Join(mountPoint, resolvedSymlink)
+		} else {
+			srcPath = filepath.Join(mountPoint, k)
+		}
+
 		if _, err := os.Stat(srcPath); os.IsNotExist(err) {
 			logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k)
 			if err = os.MkdirAll(srcPath, 0755); err != nil {