Fix WORKDIR with dangling symlink

If the WORKDIR is a dangling symlink, meaning the target directory doesn't exit, we'd fail any RUN commands. This changes adds the target directory if it does not exists. Fixes: containers#1569 Tip of the hat to @karelyatin for developing the root of the fix. Signed-off-by: TomSweeneyRedHat <[email protected]>
TomSweeneyRedHat · May 9, 2019 · b893a87 · b893a87
1 parent e9184ea
commit b893a87
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/imagebuildah/build.go b/imagebuildah/build.go
@@ -1817,13 +1817,20 @@ func (b *Executor) deleteSuccessfulIntermediateCtrs() error {
 
 func (s *StageExecutor) EnsureContainerPath(path string) error {
 	targetPath := filepath.Join(s.mountPoint, path)
-	_, err := os.Lstat(targetPath)
+	joinedPath, err := os.Lstat(targetPath)
 	if err != nil && os.IsNotExist(err) {
 		err = os.MkdirAll(targetPath, 0755)
 	}
 	if err != nil {
 		return errors.Wrapf(err, "error ensuring container path %q", path)
 	}
+	// If a symlink, check that the target directory exists in the container.
+	// If not, make it.
+	if joinedPath.Mode()&os.ModeSymlink != 0 {
+		if symTarget, err2 := os.Readlink(targetPath); err2 == nil {
+			os.MkdirAll(filepath.Join(s.mountPoint, symTarget), 0755)
+		}
+	}
 	return nil
 }
 

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -1190,6 +1190,22 @@ load helpers
   expect_output --substring "\-rw\-rw\-r\-\-"
 }
 
+@test "bud WORKDIR isa symlink no target dir" {
+  target=alpine-image
+  ctr=alpine-ctr
+  run_buildah --debug=false bud --signature-policy ${TESTSDIR}/policy.json -t ${target} -f ${TESTSDIR}/bud/workdir-symlink/Dockerfile-2 ${TESTSDIR}/bud/workdir-symlink
+  expect_output --substring "STEP 2: RUN ln -sf "
+
+  run_buildah --debug=false from --signature-policy ${TESTSDIR}/policy.json --name=${ctr} ${target}
+  expect_output --substring ${ctr}
+
+  run_buildah --debug=false run ${ctr} ls -alF /tempest
+  expect_output --substring "/tempest -> /var/lib/tempest/"
+
+  run_buildah --debug=false run ${ctr} ls -alF /etc/notareal.conf 
+  expect_output --substring "\-rw\-rw\-r\-\-"
+}
+
 @test "buidah bud --volume" {
   run_buildah --debug=false bud --signature-policy ${TESTSDIR}/policy.json -v ${TESTSDIR}:/testdir ${TESTSDIR}/bud/mount
   expect_output --substring "/testdir"

diff --git a/tests/bud/workdir-symlink/Dockerfile-2 b/tests/bud/workdir-symlink/Dockerfile-2
@@ -0,0 +1,7 @@
+# No directory created for the target of the symlink
+FROM alpine
+RUN ln -sf /var/lib/tempest /tempest
+WORKDIR /tempest
+RUN touch /etc/notareal.conf
+RUN chmod 664 /etc/notareal.conf
+COPY Dockerfile-2 ./Dockerfile-2