From b94788fa25d85b544aa023cf5e6c80ac6ae5a26b Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 14 Apr 2022 16:27:44 +0200
Subject: [PATCH] libnetwork/etchosts: add GetBaseHostFile()

Add helper function to convert the base_hosts_file config value to a
actual path. It is important to use securejoin to make sure that
containers cannot point to a file on the hosts via a symlink.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 libnetwork/etchosts/util.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 libnetwork/etchosts/util.go

diff --git a/libnetwork/etchosts/util.go b/libnetwork/etchosts/util.go
new file mode 100644
index 000000000..d78284594
--- /dev/null
+++ b/libnetwork/etchosts/util.go
@@ -0,0 +1,30 @@
+package etchosts
+
+import (
+	"fmt"
+
+	"github.com/containers/common/pkg/config"
+	securejoin "github.com/cyphar/filepath-securejoin"
+)
+
+// GetBaseHostFile return the hosts file which should be used as base.
+// The first param should be the config value config.Containers.BaseHostsFile
+// The second param should be the root path to the mounted image. This is
+// required when the user conf value is set to "image".
+func GetBaseHostFile(confValue, imageRoot string) (string, error) {
+	switch confValue {
+	case "":
+		return config.DefaultHostsFile, nil
+	case "none":
+		return "", nil
+	case "image":
+		// use secure join to prevent problems with symlinks
+		path, err := securejoin.SecureJoin(imageRoot, config.DefaultHostsFile)
+		if err != nil {
+			return "", fmt.Errorf("failed to get /etc/hosts path in image: %w", err)
+		}
+		return path, nil
+	default:
+		return confValue, nil
+	}
+}