Stream: general

Topic: Absolute symlink behavior


view this post on Zulip Aviram Hassan (Oct 26 2022 at 07:49):

Hey all, just stumbled upon cap-std - it looks great!
I have a use case that might be a bit unique.
I want to access paths as if I'm running from a specific process. Right now we do it by accessing the process' /proc/{pid}/root then .joining the path.
We now came across an issue where a path there contains an absolute symlink, which ofc leads us to our own root.
I would want the symlink to be resolved as if I'm chrooted there, is this possible using cap-std?

view this post on Zulip Aviram Hassan (Oct 26 2022 at 08:38):

okay, just tested it, I get permission denied.. any recommendation on another crate/api to use ?

view this post on Zulip Dan Gohman (Oct 28 2022 at 15:43):

I don't know of any crates that do this.

view this post on Zulip Dan Gohman (Oct 28 2022 at 15:43):

I have heard from other cap-std users that such a features might be useful, though, and have thought a bit about how it might work. I expect it would look like a new RootDir type, that works like Dir except that it would support absolute paths by resolving them relative to the base.

view this post on Zulip Charlie Barto (Nov 28 2022 at 11:06):

it might need to be more complex, /proc/pid/root is not quite a normal symlink, since when traversing it you can see stuff like mounts that might not be in the same namespace as you


Last updated: Dec 23 2024 at 12:05 UTC