Revert "jailer: Use O_NOFOLLOW for cgroup and netns file operations"

ilstam · ilstam · commit 7dff88a01eab · 2026-06-15T10:44:05.000Z
This reverts commit ce2a467. It turns out users do want to legitimately use symlinks in these paths. Commit 72340ca ("docs: Clarify that all jailer inputs must be trusted") updated documentation to make it clear that all jailer inputs are always considered trusted anyway, so this revert is not a regression. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
diff --git a/src/jailer/src/env.rs b/src/jailer/src/env.rs
@@ -519,11 +519,8 @@ impl Env {
 
     fn join_netns(path: &str) -> Result<(), JailerError> {
         // The fd backing the file will be automatically dropped at the end of the scope
-        let netns = OpenOptions::new()
-            .read(true)
-            .custom_flags(libc::O_NOFOLLOW)
-            .open(path)
-            .map_err(|err| JailerError::FileOpen(PathBuf::from(path), err))?;
+        let netns =
+            File::open(path).map_err(|err| JailerError::FileOpen(PathBuf::from(path), err))?;
 
         // SAFETY: Safe because we are passing valid parameters.
         SyscallReturnCode(unsafe { libc::setns(netns.as_raw_fd(), libc::CLONE_NEWNET) })
diff --git a/src/jailer/src/main.rs b/src/jailer/src/main.rs
@@ -3,9 +3,6 @@
 
 use std::ffi::{CString, NulError, OsString};
 use std::fmt::{Debug, Display};
-use std::fs::OpenOptions;
-use std::io::Read;
-use std::os::unix::fs::OpenOptionsExt;
 use std::path::{Path, PathBuf};
 use std::{env as p_env, fs, io};
 
@@ -243,25 +240,12 @@ where
     T: AsRef<Path> + Debug,
     V: Display + Debug,
 {
-    let mut file = OpenOptions::new()
-        .write(true)
-        .create(true)
-        .truncate(true)
-        .custom_flags(libc::O_NOFOLLOW)
-        .open(file_path.as_ref())
-        .map_err(|err| JailerError::Write(PathBuf::from(file_path.as_ref()), err))?;
-    io::Write::write_all(&mut file, format!("{}\n", value).as_bytes())
+    fs::write(file_path, format!("{}\n", value))
         .map_err(|err| JailerError::Write(PathBuf::from(file_path.as_ref()), err))
 }
 
 pub fn readln_special<T: AsRef<Path> + Debug>(file_path: &T) -> Result<String, JailerError> {
-    let mut file = OpenOptions::new()
-        .read(true)
-        .custom_flags(libc::O_NOFOLLOW)
-        .open(file_path.as_ref())
-        .map_err(|err| JailerError::ReadToString(PathBuf::from(file_path.as_ref()), err))?;
-    let mut line = String::new();
-    file.read_to_string(&mut line)
+    let mut line = fs::read_to_string(file_path)
         .map_err(|err| JailerError::ReadToString(PathBuf::from(file_path.as_ref()), err))?;
 
     // Remove the newline character at the end (if any).
