From cf169b45bbd818dc083aa37cb5ae7ddce923f5c9 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 10 Aug 2020 12:27:24 +0200
Subject: [PATCH] daemon.setupPathsAndSandboxOptions() skip resolving symlinks

This came up in a review of a5324d69508c117d3ede94272041ae8fc2ad4bbf, but for some reason that comment didn't find its way to GitHub, and/or I forgot to push the change. These files are "copied" by reading their content with ioutil.Readfile(), resolving the symlinks should therefore not be needed, and paths can be passed as-is;

```go
func copyFile(src, dst string) error {
sBytes, err := ioutil.ReadFile(src)
if err != nil {
return err
}
return ioutil.WriteFile(dst, sBytes, filePerm)
}
```

Signed-off-by: Sebastiaan van Stijn
---
 daemon/container_operations_unix.go | 34 ++++++++++-------------------
 1 file changed, 11 insertions(+), 23 deletions(-)

diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index c71f1fb139..f033839946 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -399,21 +399,11 @@ func (daemon *Daemon) setupPathsAndSandboxOptions(container *container.Container
 case container.HostConfig.NetworkMode.IsHost():
 // In host-mode networking, the container does not have its own networking
 // namespace, so both `/etc/hosts` and `/etc/resolv.conf` should be the same
- // as on the host itself. The container gets a copy of these files, but they
- // may be symlinked, so resolve the original path first.
- etcHosts, err := filepath.EvalSymlinks("/etc/hosts")
- if err != nil {
- return err
- }
- resolvConf, err := filepath.EvalSymlinks("/etc/resolv.conf")
- if err != nil {
- return err
- }
-
+ // as on the host itself. The container gets a copy of these files.
 *sboxOptions = append(
 *sboxOptions,
- libnetwork.OptionOriginHostsPath(etcHosts),
- libnetwork.OptionOriginResolvConfPath(resolvConf),
+ libnetwork.OptionOriginHostsPath("/etc/hosts"),
+ libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"),
 )
 case container.HostConfig.NetworkMode.IsUserDefined():
 // The container uses a user-defined network. We use the embedded DNS
@@ -427,11 +417,10 @@ func (daemon *Daemon) setupPathsAndSandboxOptions(container *container.Container
 // If systemd-resolvd is used, the "upstream" DNS servers can be found in
 // /run/systemd/resolve/resolv.conf. We do not query those DNS servers
 // directly, as they can be dynamically reconfigured.
- resolvConf, err := filepath.EvalSymlinks("/etc/resolv.conf")
- if err != nil {
- return err
- }
- *sboxOptions = append(*sboxOptions, libnetwork.OptionOriginResolvConfPath(resolvConf))
+ *sboxOptions = append(
+ *sboxOptions,
+ libnetwork.OptionOriginResolvConfPath("/etc/resolv.conf"),
+ )
 default:
 // For other situations, such as the default bridge network, container
 // discovery / name resolution is handled through /etc/hosts, and no
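Review bot: Removing the three `filepath.EvalSymlinks` calls also removes their `if err != nil { return err }` branches, so a missing or dangling `/etc/hosts` or resolv.conf path is no longer rejected in `setupPathsAndSandboxOptions`; this applies to the host-mode and user-defined cases in the hunks at -399 and -427 and to the default case at -444. Whether container start then fails later or continues with fallback resolver settings depends on how libnetwork reads the origin paths, which this diff does not show, so a test with an absent file would pin the intended behaviour. The shortened comment could also say why no resolution is needed, for example `// Symlinks are followed when the file content is read, so the paths are passed as-is.` The function starts and ends outside these hunks.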
@@ -444,11 +433,10 @@ func (daemon *Daemon) setupPathsAndSandboxOptions(container *container.Container
 // DNS servers on the host can be dynamically updated.
 //
 // Copy the host's resolv.conf for the container (/run/systemd/resolve/resolv.conf or /etc/resolv.conf)
- resolvConf, err := filepath.EvalSymlinks(daemon.configStore.GetResolvConf())
- if err != nil {
- return err
- }
- *sboxOptions = append(*sboxOptions, libnetwork.OptionOriginResolvConfPath(resolvConf))
+ *sboxOptions = append(
+ *sboxOptions,
+ libnetwork.OptionOriginResolvConfPath(daemon.configStore.GetResolvConf()),
+ )
 }
 container.HostsPath, err = container.GetRootResourcePath("hosts")