Support scanning files in mount namespaces #3423

Open
wants to merge 3 commits into
base: main

ariel-miculas
Contributor

Description

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

Although syft supports scanning an entire chroot, it couldn't scan paths
inside the chroot containing absolute symlinks relative to the chroot
base until now.

This is the first step in supporting scanning files/directories in other
mount namespaces, since a different mount namespace is similar to a
chroot.

The main change is the addition to EvalSymlinksRelativeToBase, which can
resolve both regular symlinks and absolute symlinks confined in a
chroot-like directory structure. This function returns a path that can
be accessed in syft's scanning context, i.e. not meant to be used from
within the chroot context.

See anchore#3396 for further discussions.

Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
See anchore#3396

Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
Fixes anchore#3396

Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
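
One way to perform the resolution the description above attributes to EvalSymlinksRelativeToBase, as an added Go example that is not syft's code: the name resolveInBase, the 40-hop cap and the sample tree are assumptions. Absolute symlink targets are re-rooted at the base, and `..` cannot climb above it.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveInBase (hypothetical name) maps p, a path as seen from inside the chroot-like
// tree at base, to the path a scanner running outside that tree has to open.
func resolveInBase(base, p string) (string, error) {
	todo := strings.Split(filepath.ToSlash(p), "/") // components still to walk
	var done []string                               // resolved components below base
	for hops := 0; len(todo) > 0; {
		c := todo[0]
		todo = todo[1:]
		if c == ".." && len(done) > 0 {
			done = done[:len(done)-1] // at the root, ".." stays at the root, as in a chroot
		}
		if c == "" || c == "." || c == ".." {
			continue
		}
		host := filepath.Join(base, filepath.Join(done...), c)
		target, err := os.Readlink(host)
		if err != nil { // not a symlink, or missing: Lstat tells the two apart
			if _, err = os.Lstat(host); err != nil {
				return "", err
			}
			done = append(done, c)
			continue
		}
		if hops++; hops > 40 { // arbitrary cap so a symlink loop terminates
			return "", fmt.Errorf("too many symlinks resolving %q under %q", p, base)
		}
		if filepath.IsAbs(target) {
			done = nil // absolute target restarts at the chroot root, not the host root
		}
		todo = append(strings.Split(filepath.ToSlash(target), "/"), todo...)
	}
	return filepath.Join(base, filepath.Join(done...)), nil
}

func main() {
	base, _ := os.MkdirTemp("", "rootfs") // constructed sample tree: <base>/lib -> /usr/lib
	os.MkdirAll(filepath.Join(base, "usr/lib"), 0o755)
	os.Symlink("/usr/lib", filepath.Join(base, "lib"))
	fmt.Println(resolveInBase(base, "/lib"))
}
```

The walk is not atomic: if the tree changes while it is being scanned, a component can be replaced by a symlink after it was checked.
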
@ariel-miculas
Contributor Author

@kzantow could I have some reviews for this PR?

@wagoodman wagoodman added the needs-review PR that needs an in-depth review label Dec 16, 2024
Development

Successfully merging this pull request may close these issues.

Support scanning files in other mount namespaces
2 participants