From 4086e37e2706a17d7f71d5c06399584a55ff1cd8 Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Tue, 13 May 2014 15:42:21 +0200
Subject: [PATCH] libcontainer: Ensure bind mount target files are inside rootfs

Before we create any files to bind-mount on, make sure they are inside the container rootfs, handling for instance absolute symbolic links inside the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson (github: alexlarsson)
---
 libcontainer/mount/init.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libcontainer/mount/init.go b/libcontainer/mount/init.go
index 12f833a..16fb758 100644
--- a/libcontainer/mount/init.go
+++ b/libcontainer/mount/init.go
@@ -12,6 +12,7 @@ import (
 "github.com/dotcloud/docker/pkg/libcontainer"
 "github.com/dotcloud/docker/pkg/libcontainer/mount/nodes"
 "github.com/dotcloud/docker/pkg/system"
+ "github.com/dotcloud/docker/utils"
 )
 
 // default mount point flags
@@ -127,6 +128,12 @@ func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error {
 if err != nil {
 return err
 }
+
+ dest, err = utils.FollowSymlinkInScope(dest, rootfs)
+ if err != nil {
+ return err
+ }
+
 if err := createIfNotExists(dest, stat.IsDir()); err != nil {
 return fmt.Errorf("Creating new bind-mount target, %s", err)
 }
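Review bot: The resolved `dest` in the second hunk is only trustworthy while the tree under `rootfs` stays unchanged between `utils.FollowSymlinkInScope` and the later uses of the path; `createIfNotExists(dest, ...)` and whatever mounts onto `dest` after this hunk walk the path again by name, so a component replaced in that window would presumably be followed again without the scope check. That window is small during init, but the assumption deserves a comment above the call, e.g. `// dest is resolved once here; assumes nothing else modifies rootfs until the mount below completes`, and it is worth confirming that the mount call outside this hunk uses this reassigned `dest` rather than a recomputed path. The bare `return err` also loses which step failed, unlike the wrapped error just below it; `return fmt.Errorf("Resolving bind-mount target inside %s, %s", rootfs, err)` would match that style. The diffstat shows only init.go changed, so a test that uses an absolute symlink inside a temporary rootfs as the bind target would pin the behaviour this commit is meant to guarantee. setupBindmounts starts and ends outside the hunk.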