path/filepath: EvalSymlinks tries recursively resolving magic link /proc/1/root causing infinite symlink resolutions

[Johan-Liebert1]

Go version

go version go1.24.2 linux/amd64

Output of go env in your module/workspace:

AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE=''
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/home/pragyan/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/home/pragyan/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1656708043=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/dev/null'
GOMODCACHE='/home/pragyan/Golang/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/pragyan/Golang'
GOPRIVATE=''
GOPROXY='direct'
GOROOT='/usr/lib/golang'
GOSUMDB='off'
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/pragyan/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/usr/lib/golang/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.2'
GOWORK=''
PKG_CONFIG='pkg-config'

What did you do?

Inside a container, privileged with host's PID namespace, I symlinked /var/tmp to /proc/1/root/var/tmp. I wrote a small script to resolve the symlink

package main

import (
	"fmt"
	"os"
	"path/filepath"
)

func main() {
    arg := os.Args[1]

    fmt.Printf("Evaluating path '%s'\n", arg)

    finalPath, err := filepath.EvalSymlinks(arg)

    if err != nil {
        fmt.Printf("Err: %+v\n", err)
        return
    }

    fmt.Printf("finalPath: %s\n", finalPath)
}

What did you see happen?

The above script fails with

Err: EvalSymlinks: too many links

It tires to resolve /proc/1/root which does point to container's / when resolved in userspace, but it's actually resolved via the kernel when traversed.

What did you expect to see?

Expected to not have it infinitely traverse the symlinks.

Shell utilities like ls and cd understand this and resolve this appropriately.

Here is a very simple reproducing example

Build the above script and name it symlink, then in the same directory

sudo podman run --rm -it --pid=host --privileged -v ./symlink:/symlink alpine:latest sh

# inside the container

/ # rm -rf /var/tmp 
/ # ln -s /proc/1/root/var/tmp /var/tmp
/ # /symlink /var/tmp/
Evaluating path '/var/tmp/'
Err: EvalSymlinks: too many links

[gabyhelp]

Related Issues

• path/filepath: EvalSymlinks fails to follow symlink when root entry is a symlink #39818
• path/filepath: EvalSymlinks of container mapped directory returns an error #23512 (closed)
• path/filepath: endless loop in EvalSymlinks because it resolves a link to the same path it asked for #40176 (closed)
• path/filepath: EvalSymlinks fails when specifying symbolic links under /tmp on macOS #57905 (closed)
• path/filepath: EvalSymlinks fails when target is file #29449 (closed)
• path/filepath: TestEvalSymlinksAboveRoot failure on macOS #35201 (closed)
• path/filepath: EvalSymlinks fails on Windows when passed a UNC share root path #42079 (closed)
• cmd/go: `go build` (etc.) doesn't work with symlinks when invoked via os/exec.Command with mismatched PWD #63644 (closed)
• path/filepath: EvalSymlinks, incorrect traversal of relative paths #30520 (closed)
• path/filepath: EvalSymlinks failure #21511 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[cagedmantis]

cc @robpike @rsc