vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add function to safely open a file in container rootfs

Browse source 
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
This commit is contained in:
Mrunal Patel 2017-03-29 11:16:53 -07:00
parent 7c6443c592
commit f422235b3e
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
server/container_create.go
View file

@ -4,12 +4,15 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"os"
"path/filepath" "path/filepath"
"strings" "strings"
"syscall" "syscall"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/pkg/symlink"
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/apparmor"
"github.com/kubernetes-incubator/cri-o/server/seccomp" "github.com/kubernetes-incubator/cri-o/server/seccomp"
@ -567,3 +570,12 @@ func (s *Server) getAppArmorProfileName(annotations map[string]string, ctrName s
return strings.TrimPrefix(profile, apparmor.ProfileNamePrefix) return strings.TrimPrefix(profile, apparmor.ProfileNamePrefix)
} }
// openContainerFile opens a file inside a container rootfs safely
func openContainerFile(rootfs string, path string) (io.ReadCloser, error) {
fp, err := symlink.FollowSymlinkInScope(filepath.Join(rootfs, path), rootfs)
if err != nil {
return nil, err
}
return os.Open(fp)
}