Commits on Jul 30, 2024

1. libpod: Drop checks for paths in sqlite+boltdb …

   The original logic here is old, dating to
   containers@7eb5ce9
   and got inherited when the sqlite database was added.
   
   Since then, various changes have landed here especially
   around canonicalizing symbolic links.
   
   However, this code *still* often causes problems; most recently
   in https://gitlab.com/fedora/bootc/base-images/-/issues/20
   where it seems like the way Anaconda has the system set up
   trips this up again.
   
   I can certainly believe that things can go wrong if one
   overrides/reconfigures e.g. the runtime state dir to be
   different. But there's also a lot of other ways to break
   podman...and it's trivial to subvert this check with a
   bind mount over the absolute path, pointing to some
   arbitrary different place.
   
   In general, encoding file names into files that are potentially
   owned by the user is ugly...it can trip up basic things like
   migrating a home directory, etc.
   
   Since I am not aware of a common misconfiguration that these
   checks block, and I am *very* aware of a lot of times they
   have incorrectly blocked correct situations...just drop the
   checks.
   
   If we *do* need to do some more validation later, I think we
   could say encode the directory inodes for at least the volume
   dir. And the runtime dir could have the inode for the root,
   but not the other way around.
   
   Signed-off-by: Colin Walters <[email protected]>

   

   cgwalters committed Jul 30, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for 1943115
   • Browse repository at this point

   Copy the full SHA

   1943115 View commit details

   Browse the repository at this point in the history