libnetwork/etchosts: add GetBaseHostFile()

Add helper function to convert the base_hosts_file config value to a actual path. It is important to use securejoin to make sure that containers cannot point to a file on the hosts via a symlink. Signed-off-by: Paul Holzinger <[email protected]>
containers · Apr 19, 2022 · 330f607 · 330f607
1 parent 7cb5840
commit 330f607
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/libnetwork/etchosts/util.go b/libnetwork/etchosts/util.go
@@ -0,0 +1,30 @@
+package etchosts
+
+import (
+	"fmt"
+
+	"github.com/containers/common/pkg/config"
+	securejoin "github.com/cyphar/filepath-securejoin"
+)
+
+// GetBaseHostFile return the hosts file which should be used as base.
+// The first param should be the config value config.Containers.BaseHostsFile
+// The second param should be the root path to the mounted image. This is
+// required when the user conf value is set to "image".
+func GetBaseHostFile(confValue, imageRoot string) (string, error) {
+	switch confValue {
+	case "":
+		return config.DefaultHostsFile, nil
+	case "none":
+		return "", nil
+	case "image":
+		// use secure join to prevent problems with symlinks
+		path, err := securejoin.SecureJoin(imageRoot, config.DefaultHostsFile)
+		if err != nil {
+			return "", fmt.Errorf("failed to get /etc/hosts path in image: %w", err)
+		}
+		return path, nil
+	default:
+		return confValue, nil
+	}
+}