From eead6a2e8ade01b455dd8e09da8804690ebc5359 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=B8=A3=E6=B2=BC?= <limingzhao3@huawei.com>
Date: Mon, 24 Jun 2024 20:18:25 +0800
Subject: [PATCH 1/3] =?UTF-8?q?=E3=80=90=E4=BF=AE=E6=94=B9=E8=AF=B4?=
 =?UTF-8?q?=E6=98=8E=20Modification=E3=80=91=E4=BF=AE=E5=A4=8D=E9=83=A8?=
 =?UTF-8?q?=E5=88=86OS=E4=B8=8B/var/run=E7=9A=84=E8=BD=AF=E9=93=BE?=
 =?UTF-8?q?=E6=8E=A5check=E4=B8=8D=E9=80=9A=E8=BF=87=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mindxcheckutils/mindxcheckutils.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mindxcheckutils/mindxcheckutils.go b/mindxcheckutils/mindxcheckutils.go
index 84fc93a..2590ffd 100644
--- a/mindxcheckutils/mindxcheckutils.go
+++ b/mindxcheckutils/mindxcheckutils.go
@@ -49,15 +49,15 @@ func RealFileChecker(path string, checkParent, allowLink bool, size int) (string
 	if !StringChecker(path, 0, DefaultPathSize, DefaultWhiteList) {
 		return notValidPath, fmt.Errorf("invalid path")
 	}
-	_, err := FileChecker(path, false, checkParent, allowLink, 0)
+	realPath, err := filepath.Abs(path)
 	if err != nil {
 		return notValidPath, err
 	}
-	realPath, err := filepath.Abs(path)
+	realPath, err = filepath.EvalSymlinks(realPath)
 	if err != nil {
 		return notValidPath, err
 	}
-	realPath, err = filepath.EvalSymlinks(realPath)
+	_, err = FileChecker(path, false, checkParent, allowLink, 0)
 	if err != nil {
 		return notValidPath, err
 	}
-- 
Gitee


From 212abe3d3cca553f20d181cdff258024e8bdd22f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=B8=A3=E6=B2=BC?= <limingzhao3@huawei.com>
Date: Tue, 25 Jun 2024 11:49:21 +0800
Subject: [PATCH 2/3] =?UTF-8?q?=E3=80=90=E4=BF=AE=E6=94=B9=E8=AF=B4?=
 =?UTF-8?q?=E6=98=8E=20Modification=E3=80=91=E4=BF=AE=E5=A4=8D=E9=83=A8?=
 =?UTF-8?q?=E5=88=86OS=E4=B8=8B/var/run=E7=9A=84=E8=BD=AF=E9=93=BE?=
 =?UTF-8?q?=E6=8E=A5check=E4=B8=8D=E9=80=9A=E8=BF=87=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mindxcheckutils/mindxcheckutils.go | 6 +++---
 runtime/main.go                    | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/mindxcheckutils/mindxcheckutils.go b/mindxcheckutils/mindxcheckutils.go
index 2590ffd..84fc93a 100644
--- a/mindxcheckutils/mindxcheckutils.go
+++ b/mindxcheckutils/mindxcheckutils.go
@@ -49,15 +49,15 @@ func RealFileChecker(path string, checkParent, allowLink bool, size int) (string
 	if !StringChecker(path, 0, DefaultPathSize, DefaultWhiteList) {
 		return notValidPath, fmt.Errorf("invalid path")
 	}
-	realPath, err := filepath.Abs(path)
+	_, err := FileChecker(path, false, checkParent, allowLink, 0)
 	if err != nil {
 		return notValidPath, err
 	}
-	realPath, err = filepath.EvalSymlinks(realPath)
+	realPath, err := filepath.Abs(path)
 	if err != nil {
 		return notValidPath, err
 	}
-	_, err = FileChecker(path, false, checkParent, allowLink, 0)
+	realPath, err = filepath.EvalSymlinks(realPath)
 	if err != nil {
 		return notValidPath, err
 	}
diff --git a/runtime/main.go b/runtime/main.go
index 5b2a7f3..f8f1bf4 100644
--- a/runtime/main.go
+++ b/runtime/main.go
@@ -587,7 +587,12 @@ func modifySpecFile(path string) error {
 	if err != nil {
 		return fmt.Errorf("spec file doesnt exist %s: %v", path, err)
 	}
+	path, err = filepath.EvalSymlinks(path)
+	if err != nil {
+		return err
+	}
 	if _, err = mindxcheckutils.RealFileChecker(path, true, true, mindxcheckutils.DefaultSize); err != nil {
+		hwlog.RunLog.Errorf("RealFileChecker error: %v, path: %v", err, path)
 		return err
 	}
 
-- 
Gitee


From e54e15d0d10bc99746e509b41121b633143e794b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=B8=A3=E6=B2=BC?= <limingzhao3@huawei.com>
Date: Tue, 25 Jun 2024 12:01:56 +0800
Subject: [PATCH 3/3] =?UTF-8?q?=E3=80=90=E4=BF=AE=E6=94=B9=E8=AF=B4?=
 =?UTF-8?q?=E6=98=8E=20Modification=E3=80=91=E4=BF=AE=E5=A4=8D=E9=83=A8?=
 =?UTF-8?q?=E5=88=86OS=E4=B8=8B/var/run=E7=9A=84=E8=BD=AF=E9=93=BE?=
 =?UTF-8?q?=E6=8E=A5check=E4=B8=8D=E9=80=9A=E8=BF=87=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 runtime/main.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/runtime/main.go b/runtime/main.go
index f8f1bf4..e0ce195 100644
--- a/runtime/main.go
+++ b/runtime/main.go
@@ -582,20 +582,28 @@ func updateEnvAndPostHook(spec *specs.Spec, vdevice dcmi.VDeviceInfo) {
 	}
 }
 
+func fileCheck(path string) (string, error) {
+	var err error
+	path, err = filepath.EvalSymlinks(path)
+	if err != nil {
+		return "", err
+	}
+	if _, err = mindxcheckutils.RealFileChecker(path, true, true, mindxcheckutils.DefaultSize); err != nil {
+		hwlog.RunLog.Errorf("RealFileChecker error: %v, path: %v", err, path)
+		return "", err
+	}
+	return path, nil
+}
+
 func modifySpecFile(path string) error {
 	stat, err := os.Stat(path)
 	if err != nil {
 		return fmt.Errorf("spec file doesnt exist %s: %v", path, err)
 	}
-	path, err = filepath.EvalSymlinks(path)
+	path, err = fileCheck(path)
 	if err != nil {
 		return err
 	}
-	if _, err = mindxcheckutils.RealFileChecker(path, true, true, mindxcheckutils.DefaultSize); err != nil {
-		hwlog.RunLog.Errorf("RealFileChecker error: %v, path: %v", err, path)
-		return err
-	}
-
 	jsonFile, err := os.OpenFile(path, os.O_RDWR, stat.Mode())
 	if err != nil {
 		return fmt.Errorf("cannot open oci spec file %s: %v", path, err)
-- 
Gitee