Merge pull request #1221 from sameo/topic/validator

validate: Check that the given namespace path is a symlink
2016-12-10 16:12:31 -08:00 · 2016-12-10 16:12:31 -08:00 · 083933fb90
parent 34f23cb99c f19aa2d04d
commit 083933fb90
1 changed files with 22 additions and 0 deletions
--- a/libcontainer/configs/validate/validator.go
+++ b/libcontainer/configs/validate/validator.go
@ -148,6 +148,15 @@ func (v *ConfigValidator) sysctl(config *configs.Config) error {
 	return nil
 }

+func isSymbolicLink(path string) (bool, error) {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return false, err
+	}
+
+	return fi.Mode()&os.ModeSymlink == os.ModeSymlink, nil
+}
+
 // checkHostNs checks whether network sysctl is used in host namespace.
 func checkHostNs(sysctlConfig string, path string) error {
 	var currentProcessNetns = "/proc/self/ns/net"
@ -156,6 +165,19 @@ func checkHostNs(sysctlConfig string, path string) error {
 	if err != nil {
 		return fmt.Errorf("read soft link %q error", currentProcessNetns)
 	}
+
+	// First check if the provided path is a symbolic link
+	symLink, err := isSymbolicLink(path)
+	if err != nil {
+		return fmt.Errorf("could not check that %q is a symlink: %v", path, err)
+	}
+
+	if symLink == false {
+		// The provided namespace is not a symbolic link,
+		// it is not the host namespace.
+		return nil
+	}
+
 	// readlink on the path provided in the struct
 	destOfContainer, err := os.Readlink(path)
 	if err != nil {