[Libguestfs] [PATCH 4/4] daemon: scrub-file: resolve the path before calling scrub (RHBZ#1099490).

Resolve the given path within the chroot, so scrub can be invoked outside the chroot on an already-resolved path. Add few tests in scrub-file for this and other similar issues. --- daemon/scrub.c | 7 +++++-- generator/actions.ml | 13 ++++++++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/daemon/scrub.c b/daemon/scrub.c index cd880b9..c10b0a0 100644 --- a/daemon/scrub.c +++ b/daemon/scrub.c @@ -58,8 +58,11 @@ do_scrub_file (const char *file) CLEANUP_FREE char *err = NULL; int r; - /* Make the path relative to /sysroot. */ - buf = sysroot_path (file); + /* Resolve the path to the file, and make the result relative to /sysroot. + * If it fails, then the file most probably does not exist or "file" is + * a symlink pointing outside the chroot. + */ + buf = sysroot_realpath (file); if (!buf) { reply_with_perror ("malloc"); return -1; diff --git a/generator/actions.ml b/generator/actions.ml index 85503ce..ed65c6e 100644 --- a/generator/actions.ml +++ b/generator/actions.ml @@ -5719,7 +5719,18 @@ manual page for more details." }; tests = [ InitScratchFS, Always, TestRun ( [["write"; "/scrub_file"; "content"]; - ["scrub_file"; "/scrub_file"]]), [] + ["scrub_file"; "/scrub_file"]]), []; + InitScratchFS, Always, TestRun ( + [["write"; "/scrub_file_2"; "content"]; + ["ln_s"; "/scrub_file_2"; "/scrub_file_2_link"]; + ["scrub_file"; "/scrub_file_2_link"]]), []; + InitScratchFS, Always, TestLastFail ( + [["ln_s"; "/scrub_file_3_notexisting"; "/scrub_file_3_link"]; + ["scrub_file"; "/scrub_file_3_link"]]), []; + InitScratchFS, Always, TestLastFail ( + [["write"; "/scrub_file_4"; "content"]; + ["ln_s"; "../sysroot/scrub_file_4"; "/scrub_file_4_link"]; + ["scrub_file"; "/scrub_file_4_link"]]), []; ]; shortdesc = "scrub (securely wipe) a file"; longdesc = "\ -- 1.9.0