summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fs/host/fs.go
diff options
context:
space:
mode:
authorBrian Geffon <bgeffon@google.com>2018-12-04 14:31:08 -0800
committerShentubot <shentubot@google.com>2018-12-04 14:32:03 -0800
commit82719be42e636f86780d21b01e10ecb2c9a25e53 (patch)
tree1c635cae30683e3cdc13a497cf529063ed7f56dc /pkg/sentry/fs/host/fs.go
parentadafc08d7cee594ea94abefbedf67ea315922550 (diff)
Max link traversals should be for an entire path.
The number of symbolic links that are allowed to be followed are for a full path and not just a chain of symbolic links. PiperOrigin-RevId: 224047321 Change-Id: I5e3c4caf66a93c17eeddcc7f046d1e8bb9434a40
Diffstat (limited to 'pkg/sentry/fs/host/fs.go')
-rw-r--r--pkg/sentry/fs/host/fs.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/pkg/sentry/fs/host/fs.go b/pkg/sentry/fs/host/fs.go
index fec890964..54cbb94f9 100644
--- a/pkg/sentry/fs/host/fs.go
+++ b/pkg/sentry/fs/host/fs.go
@@ -170,7 +170,8 @@ func installWhitelist(ctx context.Context, m *fs.MountNamespace, paths []string)
current := paths[i][:j]
// Lookup the given component in the tree.
- d, err := m.FindLink(ctx, root, nil, current, maxTraversals)
+ remainingTraversals := uint(maxTraversals)
+ d, err := m.FindLink(ctx, root, nil, current, &remainingTraversals)
if err != nil {
log.Warningf("populate failed for %q: %v", current, err)
continue