Mounts: add better diagnostics on symlinks
PiperOrigin-RevId: 716173428
Change-Id: I7a833d0920697d917a48f9f40c0b02397057e367
happyCoder92 authored and copybara-github committed Jan 16, 2025
1 parent 028c85c commit 5166f36
Showing 1 changed file with 23 additions and 4 deletions.
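--- a/sandboxed_api/sandbox2/mounts.cc
+++ b/sandboxed_api/sandbox2/mounts.cc
@@ -701,9 +701,17 @@ std::vector<MapEntry> GetSortedEntries(const MountTree& tree) {
 return ordered;
 }
 
+bool IsSymlink(const std::string& path) {
+struct stat sb;
+if (stat(path.c_str(), &sb) == -1) {
+return false;
+}
+return S_ISLNK(sb.st_mode);
+}
+
 // Traverses the MountTree to create all required files and perform the mounts.
-void CreateMounts(const MountTree& tree, const std::string& path,
-bool create_backing_files) {
+void CreateMounts(const MountTree& tree, const std::string& root_path,
+const std::string& path, bool create_backing_files) {
 // First, create the backing files if needed.
 if (create_backing_files) {
 switch (tree.node().node_case()) {
@@ -725,6 +733,17 @@ void CreateMounts(const MountTree& tree, const std::string& path,
 }
 }
 
+if (IsSymlink(path)) {
+std::string abs_path;
+if (!file_util::fileops::ReadLinkAbsolute(path, &abs_path)) {
+SAPI_RAW_LOG(WARNING, "could not resolve mount target path %s",
+path.c_str());
+} else if (!absl::StartsWith(abs_path, absl::StrCat(root_path, "/"))) {
+SAPI_RAW_LOG(ERROR, "Mount target not within chroot: %s resolved to %s",
+path.c_str(), abs_path.c_str());
+}
+}
+
 // Perform the actual mounts based on the node type.
 switch (tree.node().node_case()) {
 case MountTree::Node::kDirNode: {
@@ -764,14 +783,14 @@ void CreateMounts(const MountTree& tree, const std::string& path,
 // Traverse the subtrees.
 for (const auto& [key, value] : GetSortedEntries(tree)) {
 std::string new_path = sapi::file::JoinPath(path, key);
-CreateMounts(*value, new_path, create_backing_files);
+CreateMounts(*value, root_path, new_path, create_backing_files);
 }
 }
 
 } // namespace
 
 void Mounts::CreateMounts(const std::string& root_path) const {
-sandbox2::CreateMounts(mount_tree_, root_path, true);
+sandbox2::CreateMounts(mount_tree_, root_path, root_path, true);
 }
 
 namespace {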
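Review bot: `IsSymlink` calls `stat()`, which follows symbolic links, so `sb.st_mode` describes the link target and `S_ISLNK(sb.st_mode)` can never be true; the new symlink diagnostics in `CreateMounts` are therefore unreachable as written. The check should inspect the link itself: `if (lstat(path.c_str(), &sb) == -1) {`. Separately, the "Mount target not within chroot" branch only logs at ERROR and then falls through to the mount switch, so once the check does fire it reports the escape but does not prevent it; if a target resolving outside `root_path` is never legitimate, failing at that point would be the safer default, though that depends on callers not visible here. The check and the later mount are also separate path lookups, so the log should be treated as a diagnostic, not as a guarantee about what gets mounted. The body of `CreateMounts` continues outside the visible hunks.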
