Merge pull request moby#47006 from thaJeztah/deprecate_ResolveScopedPath

pkg/containerfs: unify CleanScopedPath implementation, and deprecate ResolveScopedPath
runpod · Jan 3, 2024 · 1f6c42c · 1f6c42c
2 parents f815916 + b8f2caa
commit 1f6c42c
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 33 deletions.
diff --git a/builder/dockerfile/copy.go b/builder/dockerfile/copy.go
@@ -17,13 +17,13 @@ import (
 	"github.com/docker/docker/builder/remotecontext"
 	"github.com/docker/docker/builder/remotecontext/urlutil"
 	"github.com/docker/docker/pkg/archive"
-	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/longpath"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/system"
 	"github.com/moby/buildkit/frontend/dockerfile/instructions"
+	"github.com/moby/sys/symlink"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
@@ -45,7 +45,7 @@ type copyInfo struct {
 }
 
 func (c copyInfo) fullPath() (string, error) {
-	return containerfs.ResolveScopedPath(c.root, c.path)
+	return symlink.FollowSymlinkInScope(filepath.Join(c.root, c.path), c.root)
 }
 
 func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo {

diff --git a/builder/remotecontext/archive.go b/builder/remotecontext/archive.go
@@ -8,9 +8,9 @@ import (
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
-	"github.com/docker/docker/pkg/containerfs"
 	"github.com/docker/docker/pkg/longpath"
 	"github.com/docker/docker/pkg/tarsum"
+	"github.com/moby/sys/symlink"
 	"github.com/pkg/errors"
 )
 
@@ -117,7 +117,7 @@ func (c *archiveContext) Hash(path string) (string, error) {
 
 func normalize(path string, root string) (cleanPath, fullPath string, err error) {
 	cleanPath = filepath.Clean(string(filepath.Separator) + path)[1:]
-	fullPath, err = containerfs.ResolveScopedPath(root, path)
+	fullPath, err = symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
 	if err != nil {
 		return "", "", errors.Wrapf(err, "forbidden path outside the build context: %s (%s)", path, cleanPath)
 	}

diff --git a/builder/remotecontext/detect.go b/builder/remotecontext/detect.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strings"
 
@@ -15,10 +16,10 @@ import (
 	"github.com/docker/docker/builder"
 	"github.com/docker/docker/builder/remotecontext/urlutil"
 	"github.com/docker/docker/errdefs"
-	"github.com/docker/docker/pkg/containerfs"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/moby/patternmatcher"
 	"github.com/moby/patternmatcher/ignorefile"
+	"github.com/moby/sys/symlink"
 	"github.com/pkg/errors"
 )
 
@@ -177,7 +178,8 @@ func StatAt(remote builder.Source, path string) (os.FileInfo, error) {
 
 // FullPath is a helper for getting a full path for a path from a source
 func FullPath(remote builder.Source, path string) (string, error) {
-	fullPath, err := containerfs.ResolveScopedPath(remote.Root(), path)
+	remoteRoot := remote.Root()
+	fullPath, err := symlink.FollowSymlinkInScope(filepath.Join(remoteRoot, path), remoteRoot)
 	if err != nil {
 		if runtime.GOOS == "windows" {
 			return "", fmt.Errorf("failed to resolve scoped path %s (%s): %s. Possible cause is a forbidden path outside the build context", path, fullPath, err)

diff --git a/container/container.go b/container/container.go
@@ -310,8 +310,8 @@ func (container *Container) GetResourcePath(path string) (string, error) {
 		return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly empty")
 	}
 	// IMPORTANT - These are paths on the OS where the daemon is running, hence
-	// any filepath operations must be done in an OS agnostic way.
-	r, e := containerfs.ResolveScopedPath(container.BaseFS, containerfs.CleanScopedPath(path))
+	// any filepath operations must be done in an OS-agnostic way.
+	r, e := symlink.FollowSymlinkInScope(filepath.Join(container.BaseFS, containerfs.CleanScopedPath(path)), container.BaseFS)
 
 	// Log this here on the daemon side as there's otherwise no indication apart
 	// from the error being propagated all the way back to the client. This makes

diff --git a/pkg/containerfs/containerfs.go b/pkg/containerfs/containerfs.go
@@ -6,8 +6,22 @@ import (
 	"github.com/moby/sys/symlink"
 )
 
+// CleanScopedPath prepares the given path to be combined with a mount path or
+// a drive-letter. On Windows, it removes any existing driveletter (e.g. "C:").
+// The returned path is always prefixed with a [filepath.Separator].
+func CleanScopedPath(path string) string {
+	if len(path) >= 2 {
+		if v := filepath.VolumeName(path); len(v) > 0 {
+			path = path[len(v):]
+		}
+	}
+	return filepath.Join(string(filepath.Separator), path)
+}
+
 // ResolveScopedPath evaluates the given path scoped to the root.
 // For example, if root=/a, and path=/b/c, then this function would return /a/b/c.
+//
+// Deprecated: use [symlink.FollowSymlinkInScope].
 func ResolveScopedPath(root, path string) (string, error) {
 	return symlink.FollowSymlinkInScope(filepath.Join(root, path), root)
 }
diff --git a/pkg/containerfs/containerfs_unix.go b/pkg/containerfs/containerfs_unix.go
diff --git a/pkg/containerfs/containerfs_windows.go b/pkg/containerfs/containerfs_windows.go