diff options
| author | Brian Geffon <bgeffon@google.com> | 2018-12-04 14:31:08 -0800 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-12-04 14:32:03 -0800 |
| commit | 82719be42e636f86780d21b01e10ecb2c9a25e53 (patch) | |
| tree | 1c635cae30683e3cdc13a497cf529063ed7f56dc /runsc | |
| parent | adafc08d7cee594ea94abefbedf67ea315922550 (diff) | |
Max link traversals should be for an entire path.
The number of symbolic links that are allowed to be followed
are for a full path and not just a chain of symbolic links.
PiperOrigin-RevId: 224047321
Change-Id: I5e3c4caf66a93c17eeddcc7f046d1e8bb9434a40
Diffstat (limited to 'runsc')
| -rw-r--r-- | runsc/boot/fs.go | 12 | ||||
| -rw-r--r-- | runsc/boot/loader_test.go | 3 |
2 files changed, 10 insertions, 5 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go index 1e355fe4e..1e75b0efc 100644 --- a/runsc/boot/fs.go +++ b/runsc/boot/fs.go @@ -338,7 +338,8 @@ func mountSubmount(ctx context.Context, conf *Config, mns *fs.MountNamespace, ro } } - dirent, err := mns.FindInode(ctx, root, root, m.Destination, 0 /* maxTraversals */) + maxTraversals := uint(0) + dirent, err := mns.FindInode(ctx, root, root, m.Destination, &maxTraversals) if err != nil { return fmt.Errorf("failed to find mount destination %q: %v", m.Destination, err) } @@ -582,7 +583,8 @@ func setupContainerFS(procArgs *kernel.CreateProcessArgs, spec *specs.Spec, conf defer globalRoot.DecRef() // Create mount point for the container's rootfs. - contDir, err := mns.FindInode(ctx, globalRoot, nil, ChildContainersDir, 0 /* TraversalLimit */) + maxTraversals := uint(0) + contDir, err := mns.FindInode(ctx, globalRoot, nil, ChildContainersDir, &maxTraversals) if err != nil { return fmt.Errorf("couldn't find child container dir %q: %v", ChildContainersDir, err) } @@ -656,7 +658,8 @@ func destroyContainerFS(ctx context.Context, cid string, k *kernel.Kernel) error mnsRoot := mns.Root() defer mnsRoot.DecRef() containerRoot := path.Join(ChildContainersDir, cid) - containerRootDirent, err := mns.FindInode(ctx, mnsRoot, nil, containerRoot, 0 /* maxTraversals */) + maxTraversals := uint(0) + containerRootDirent, err := mns.FindInode(ctx, mnsRoot, nil, containerRoot, &maxTraversals) if err == syserror.ENOENT { // Container must have been destroyed already. That's fine. return nil @@ -691,7 +694,8 @@ func destroyContainerFS(ctx context.Context, cid string, k *kernel.Kernel) error // Get a reference to the parent directory and remove the root // container directory. - containersDirDirent, err := mns.FindInode(ctx, mnsRoot, nil, ChildContainersDir, 0 /* maxTraversals */) + maxTraversals = 0 + containersDirDirent, err := mns.FindInode(ctx, mnsRoot, nil, ChildContainersDir, &maxTraversals) if err != nil { return fmt.Errorf("error finding containers directory %q: %v", ChildContainersDir, err) } diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go index d5cee5608..0ed3002e0 100644 --- a/runsc/boot/loader_test.go +++ b/runsc/boot/loader_test.go @@ -406,7 +406,8 @@ func TestCreateMountNamespace(t *testing.T) { root := mm.Root() defer root.DecRef() for _, p := range tc.expectedPaths { - if d, err := mm.FindInode(ctx, root, root, p, 0); err != nil { + maxTraversals := uint(0) + if d, err := mm.FindInode(ctx, root, root, p, &maxTraversals); err != nil { t.Errorf("expected path %v to exist with spec %v, but got error %v", p, tc.spec, err) } else { d.DecRef() |