Follow symlink for --device argument. #20684
This pull request fixes issue #13840 where a --device argument fails when the listed device is actually a symlink to a device. It checks to see if the path is a symlink and, if it is, resolves the symlink and continues the operation with the resolved path.
The tests are done in this way. First a symlink is created to link to /dev/zero. Then this symlink is used to map devices in the container. Inside the container a buffer is created and the md5 is calculated:
dd if=/dev/symzero bs=4K count=8 | md5sum
The expected md5 should be
Signed-off-by: Yong Tang firstname.lastname@example.org
Code looks good. It is certainly lucky that it was decided that
Any volume that got mounted twice by the same image could contain a symlink to an otherwise forbidden device, because the first time the container was launched the symlink would be created, and the second time the container was launched, the symlink would be followed.
It might be worth adding a note in the docs that you can no longer safely use
I don't think that there are many cases where the security flaw could happen, but the following one comes to mind, which I know exists in the wild:
The reason why people do this is in order to get the
Perhaps there really should be a
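The following Go sketch is an added example, not code from this pull request or from Docker. It shows one way to follow a symlinked device path while addressing the concern raised in the review: the link is resolved first, and the resolved target is accepted only if it is a device node inside an operator-supplied allowlist. The function name `resolveDevice` and the allowlist policy are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveDevice (hypothetical helper) follows symlinks in hostPath and returns
// the real path only if it is a device node under one of the allowed paths.
func resolveDevice(hostPath string, allowed []string) (string, error) {
	resolved, err := filepath.EvalSymlinks(hostPath)
	if err != nil {
		return "", fmt.Errorf("resolve %q: %w", hostPath, err)
	}
	fi, err := os.Stat(resolved) // inspect the target, never the link itself
	if err != nil {
		return "", err
	}
	if fi.Mode()&os.ModeDevice == 0 {
		return "", fmt.Errorf("%q -> %q is not a device node", hostPath, resolved)
	}
	// Policy check runs on the resolved path, so a link cannot smuggle in
	// a device the operator did not list.
	for _, p := range allowed {
		if resolved == p || strings.HasPrefix(resolved, strings.TrimSuffix(p, "/")+"/") {
			return resolved, nil
		}
	}
	return "", fmt.Errorf("%q -> %q is outside the allowed device paths", hostPath, resolved)
}

func main() {
	// Constructed demo: a symlink in a temp dir pointing at /dev/zero.
	dir, err := os.MkdirTemp("", "symdev")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	link := filepath.Join(dir, "symzero")
	if err := os.Symlink("/dev/zero", link); err != nil {
		panic(err)
	}
	for _, allow := range [][]string{{"/dev/zero"}, {"/dev/null"}} {
		p, err := resolveDevice(link, allow)
		fmt.Printf("allow=%v resolved=%q err=%v\n", allow, p, err)
	}
}
```

Logging the resolved path alongside the path the user typed makes it visible which device was actually granted to the container.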