The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/2380

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
So far doUidshiftIntoContainer() expanded all symlinks in the path it got
passed. This meant that when the user created symlinks referring to
non-existing files or referring to paths on the host, fuidshift would either fail
in the first case or change files on the host. With this commit, we start to
only resolve the path that gets passed to fuidshift up to the last path
component. This should be safe since shiftowner() in shared/util_linux.go will
a) perform another safety check and b) only change ownership of the symlink
itself.

Signed-off-by: Christian Brauner <christian.brau...@canonical.com>
From 0d56d9d3b2fe0e6bf4716611bac8b6fe916341cf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@canonical.com>
Date: Thu, 15 Sep 2016 11:53:01 +0200
Subject: [PATCH] fuidshift: expand symlinks to last path component

So far doUidshiftIntoContainer() expanded all symlinks in the path it got
passed. This meant that when the user created symlinks referring to
non-existing files or referring to paths on the host, fuidshift would either fail
in the first case or change files on the host. With this commit, we start to
only resolve the path that gets passed to fuidshift up to the last path
component. This should be safe since shiftowner() in shared/util_linux.go will
a) perform another safety check and b) only change ownership of the symlink
itself.

Signed-off-by: Christian Brauner <christian.brau...@canonical.com>
---
 shared/idmapset_linux.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shared/idmapset_linux.go b/shared/idmapset_linux.go
index b02a40d..b3d81d6 100644
--- a/shared/idmapset_linux.go
+++ b/shared/idmapset_linux.go
@@ -223,11 +223,13 @@ func GetOwner(path string) (int, int, error) {
 }
 
 func (set *IdmapSet) doUidshiftIntoContainer(dir string, testmode bool, how 
string) error {
-       // Expand any symlink in dir and cleanup resulting path
-       dir, err := filepath.EvalSymlinks(dir)
+       // Expand any symlink before the final path component
+       tmp := filepath.Dir(dir)
+       tmp, err := filepath.EvalSymlinks(tmp)
        if err != nil {
                return err
        }
+       dir = filepath.Join(tmp, filepath.Base(dir))
        dir = strings.TrimRight(dir, "/")
 
        convert := func(path string, fi os.FileInfo, err error) (e error) {
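
Review bot: the new Dir/Base split at the top of doUidshiftIntoContainer() runs before the existing `dir = strings.TrimRight(dir, "/")`, so a dir passed with a trailing slash is split wrongly. For "/a/b/", filepath.Dir() returns "/a/b" and filepath.Base() returns "b", so the Join produces the resolved "/a/b" with another "b" appended, a path the caller never asked for. Trim or filepath.Clean() dir before computing tmp so the parent and the final component come from the same normalized path. Separately, because the final component is no longer resolved, a dir that is itself a symlink now reaches the convert callback unresolved. The commit message relies on shiftowner() for that case, so please say so in the comment above `tmp := filepath.Dir(dir)` and add tests for a symlinked dir and a dangling symlink.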