Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix symlink handling with Linux sandbox #59

Merged
merged 5 commits into from
Oct 30, 2023
Merged

Fix symlink handling with Linux sandbox #59

merged 5 commits into from
Oct 30, 2023

Conversation

cd-work
Copy link
Collaborator

@cd-work cd-work commented Oct 25, 2023

This fixes an issue where dangling symbolic links would cause errors while locking down the sandbox since the mount syscall is not able to resolve the link.

To ensure symlinks are mapped correctly, the Linux sandbox now maps every exception to its canonicalized path, granting access to the symlink's TARGET. Then if necessary the symlink pointing to this file is created to ensure access through the exception's original path.

@cd-work
Fix symlink handling with Linux sandbox
6b220da 
This fixes an issue where dangling symbolic links would cause errors
while locking down the sandbox since the `mount` syscall is not able to
resolve the link.

To ensure symlinks are mapped correctly, the Linux sandbox now maps
every exception to its canonicalized path, granting access to the
symlink's **TARGET**. Then if necessary the symlink pointing to this
file is created to ensure access through the exception's original path.
@cd-work cd-work requested a review from kylewillmon October 25, 2023 22:18
kylewillmon
kylewillmon requested changes Oct 26, 2023
View reviewed changes
src/linux/namespaces.rs Outdated Show resolved Hide resolved
src/linux/namespaces.rs Show resolved Hide resolved
src/linux/namespaces.rs Outdated Show resolved Hide resolved
@cd-work cd-work requested a review from kylewillmon October 30, 2023 14:30
kylewillmon
kylewillmon requested changes Oct 30, 2023
View reviewed changes
src/linux/namespaces.rs Outdated Show resolved Hide resolved
tests/fs_remount.rs Outdated Show resolved Hide resolved
@cd-work cd-work force-pushed the symlinks branch 2 times, most recently from 62297e1 to a577afa Compare October 30, 2023 16:13
@cd-work cd-work merged commit 5fc4253 into main Oct 30, 2023
9 checks passed
@cd-work cd-work deleted the symlinks branch October 30, 2023 17:15
@cd-work cd-work self-assigned this Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kylewillmon kylewillmon kylewillmon approved these changes

Assignees

@cd-work cd-work

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cd-work @kylewillmon