From fe67259fd158b8193db31fad83f2dc3d3d3bc5c4 Mon Sep 17 00:00:00 2001
From: lujingxiao <lujingxiao@huawei.com>
Date: Sat, 19 Jan 2019 11:17:38 +0800
Subject: [PATCH 017/111] hookspec:  canonicalize hook path before
 validation

reason:hook programs must put under hook directory, but if we refer
    them with a symbolic link path in hookspecs, docker daemon refuse
    to run. so we just canonicalize path first before check.

Change-Id: I68d3757f26d7df05eb048e686368eca061cb06a9
Signed-off-by: zhangyuyun <zhangyuyun@huawei.com>
Signed-off-by: xiadanni <xiadanni@huawei.com>
Signed-off-by: lujingxiao <lujingxiao@huawei.com>
---
 components/engine/daemon/container.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/container.go b/components/engine/daemon/container.go
index a8cb950f44..06a19bb4c8 100644
--- a/components/engine/daemon/container.go
+++ b/components/engine/daemon/container.go
@@ -366,8 +366,17 @@ func (daemon *Daemon) validateHookPath(path string) error {
 		return fmt.Errorf("Hook path %q must be an absolute path", path)
 	}
 
-	if !filepath.HasPrefix(path, daemon.hookStore) {
-		return fmt.Errorf("hook program must be put under %q", daemon.hookStore)
+	realPath, err := filepath.EvalSymlinks(path)
+	if err != nil {
+		if !strings.Contains(err.Error(), "no such file or directory") {
+			return fmt.Errorf("failed to canonicalise path for %s: %s", path, err)
+		}
+		// for backward compatibility
+		realPath = path
+	}
+
+	if !filepath.HasPrefix(realPath, daemon.hookStore) {
+		return fmt.Errorf("hook path %q isn't right, hook program must be put under %q", path, daemon.hookStore)
 	}
 	return nil
 }
-- 
2.17.1