diff options
author | Brian Geffon <bgeffon@google.com> | 2018-12-04 14:31:08 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-12-04 14:32:03 -0800 |
commit | 82719be42e636f86780d21b01e10ecb2c9a25e53 (patch) | |
tree | 1c635cae30683e3cdc13a497cf529063ed7f56dc /pkg/sentry/fs/host/fs.go | |
parent | adafc08d7cee594ea94abefbedf67ea315922550 (diff) |
Max link traversals should be for an entire path.
The number of symbolic links that are allowed to be followed
are for a full path and not just a chain of symbolic links.
PiperOrigin-RevId: 224047321
Change-Id: I5e3c4caf66a93c17eeddcc7f046d1e8bb9434a40
Diffstat (limited to 'pkg/sentry/fs/host/fs.go')
-rw-r--r-- | pkg/sentry/fs/host/fs.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/pkg/sentry/fs/host/fs.go b/pkg/sentry/fs/host/fs.go index fec890964..54cbb94f9 100644 --- a/pkg/sentry/fs/host/fs.go +++ b/pkg/sentry/fs/host/fs.go @@ -170,7 +170,8 @@ func installWhitelist(ctx context.Context, m *fs.MountNamespace, paths []string) current := paths[i][:j] // Lookup the given component in the tree. - d, err := m.FindLink(ctx, root, nil, current, maxTraversals) + remainingTraversals := uint(maxTraversals) + d, err := m.FindLink(ctx, root, nil, current, &remainingTraversals) if err != nil { log.Warningf("populate failed for %q: %v", current, err) continue |