From f3ffa4db525ea1a1d36307ea9593ed7b5e014ca7 Mon Sep 17 00:00:00 2001 From: Fabricio Voznika Date: Thu, 18 Oct 2018 12:41:07 -0700 Subject: Resolve mount paths while setting up root fs mount It's hard to resolve symlinks inside the sandbox because rootfs and mounts may be read-only, forcing us to create mount points inside lower layer of an overlay, **before** the volumes are mounted. Since the destination must already be resolved outside the sandbox when creating mounts, take this opportunity to rewrite the spec with paths resolved. "runsc boot" will use the "resolved" spec to load mounts. In addition, symlink traversals were disabled while mounting containers inside the sandbox. It haven't been able to write a good test for it. So I'm relying on manual tests for now. PiperOrigin-RevId: 217749904 Change-Id: I7ac434d5befd230db1488446cda03300cc0751a9 --- runsc/test/testutil/testutil.go | 1 - 1 file changed, 1 deletion(-) (limited to 'runsc/test/testutil') diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go index b4664995c..4d7ac3bc9 100644 --- a/runsc/test/testutil/testutil.go +++ b/runsc/test/testutil/testutil.go @@ -179,7 +179,6 @@ func SetupContainerInRoot(rootDir string, spec *specs.Spec, conf *boot.Config) ( } conf.RootDir = rootDir - conf.SpecFile = filepath.Join(bundleDir, "config.json") return bundleDir, nil } -- cgit v1.2.3