Use spec with clean paths for gofer

Otherwise the gofer's attach point may be different from sandbox when there
symlinks in the path.

PiperOrigin-RevId: 219730492
Change-Id: Ia9c4c2d16228c6a1a9e790e0cb673fd881003fe1

2 files changed, 28 insertions, 16 deletions

diff --git a/runsc/fsgofer/fsgofer.go b/runsc/fsgofer/fsgofer.go
index 4412d7e2f..b5746447f 100644
--- a/runsc/fsgofer/fsgofer.go
+++ b/runsc/fsgofer/fsgofer.go
@@ -26,6 +26,7 @@ import (
 	"math"
 	"os"
 	"path"
+	"path/filepath"
 	"sync"
 	"syscall"
 
@@ -99,24 +100,28 @@ type attachPoint struct {
 }
 
 // NewAttachPoint creates a new attacher that gives local file
-// access to all files under 'prefix'.
-func NewAttachPoint(prefix string, c Config) p9.Attacher {
+// access to all files under 'prefix'. 'prefix' must be an absolute path.
+func NewAttachPoint(prefix string, c Config) (p9.Attacher, error) {
+	// Sanity check the prefix.
+	if !filepath.IsAbs(prefix) {
+		return nil, fmt.Errorf("attach point prefix must be absolute %q", prefix)
+	}
 	return &attachPoint{
 		prefix:  prefix,
 		conf:    c,
 		devices: make(map[uint64]uint8),
-	}
+	}, nil
 }
 
 // Attach implements p9.Attacher.
 func (a *attachPoint) Attach() (p9.File, error) {
-	// Sanity check the prefix.
-	fi, err := os.Stat(a.prefix)
+	// dirFD (1st argument) is ignored because 'prefix' is always absolute.
+	stat, err := statAt(-1, a.prefix)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("stat file %q, err: %v", a.prefix, err)
 	}
 	mode := os.O_RDWR
-	if a.conf.ROMount || fi.IsDir() {
+	if a.conf.ROMount || stat.Mode&syscall.S_IFDIR != 0 {
 		mode = os.O_RDONLY
 	}
 
@@ -125,11 +130,6 @@ func (a *attachPoint) Attach() (p9.File, error) {
 	if err != nil {
 		return nil, fmt.Errorf("unable to open file %q, err: %v", a.prefix, err)
 	}
-	stat, err := stat(int(f.Fd()))
-	if err != nil {
-		f.Close()
-		return nil, fmt.Errorf("failed to stat file %q, err: %v", a.prefix, err)
-	}
 
 	a.attachedMu.Lock()
 	defer a.attachedMu.Unlock()
diff --git a/runsc/fsgofer/fsgofer_test.go b/runsc/fsgofer/fsgofer_test.go
index f799b1e25..47b5380dc 100644
--- a/runsc/fsgofer/fsgofer_test.go
+++ b/runsc/fsgofer/fsgofer_test.go
@@ -80,7 +80,10 @@ func runCustom(t *testing.T, types []fileType, confs []Config, test func(*testin
 			}
 			defer os.RemoveAll(path)
 
-			a := NewAttachPoint(path, c)
+			a, err := NewAttachPoint(path, c)
+			if err != nil {
+				t.Fatalf("NewAttachPoint failed: %v", err)
+			}
 			root, err := a.Attach()
 			if err != nil {
 				t.Fatalf("Attach failed, err: %v", err)
@@ -107,7 +110,10 @@ func setup(ft fileType) (string, string, error) {
 	}
 
 	// First attach with writable configuration to setup tree.
-	a := NewAttachPoint(path, Config{})
+	a, err := NewAttachPoint(path, Config{})
+	if err != nil {
+		return "", "", err
+	}
 	root, err := a.Attach()
 	if err != nil {
 		return "", "", fmt.Errorf("Attach failed, err: %v", err)
@@ -556,7 +562,10 @@ func TestAttachFile(t *testing.T) {
 		t.Fatalf("os.Create(%q) failed, err: %v", path, err)
 	}
 
-	a := NewAttachPoint(path, conf)
+	a, err := NewAttachPoint(path, conf)
+	if err != nil {
+		t.Fatalf("NewAttachPoint failed: %v", err)
+	}
 	root, err := a.Attach()
 	if err != nil {
 		t.Fatalf("Attach failed, err: %v", err)
@@ -595,7 +604,10 @@ func TestDoubleAttachError(t *testing.T) {
 		t.Fatalf("ioutil.TempDir() failed, err: %v", err)
 	}
 	defer os.RemoveAll(root)
-	a := NewAttachPoint(root, conf)
+	a, err := NewAttachPoint(root, conf)
+	if err != nil {
+		t.Fatalf("NewAttachPoint failed: %v", err)
+	}
 
 	if _, err := a.Attach(); err != nil {
 		t.Fatalf("Attach failed: %v", err)