add option to resolve symlinks to linux device

This change modifies WithLinuxDevice to take an option `followSymlink`
and be unexported as `withLinuxDevice`. An option
`WithLinuxDeviceFollowSymlinks` will call this unexported option to
follow a symlink, which will resolve a symlink before calling
`DeviceFromPath`. `WithLinuxDevice` has been changed to call
`withLinuxDevice` without following symlinks.

Signed-off-by: Gavin Inglis <giinglis@amazon.com>

oci/spec_opts.go

@@ -1307,12 +1307,28 @@ func WithLinuxDevices(devices []specs.LinuxDevice) SpecOpts {
 	}
 }
 
+func WithLinuxDeviceFollowSymlinks(path, permissions string) SpecOpts {
+	return withLinuxDevice(path, permissions, true)
+}
+
 // WithLinuxDevice adds the device specified by path to the spec
 func WithLinuxDevice(path, permissions string) SpecOpts {
+	return withLinuxDevice(path, permissions, false)
+}
+
+func withLinuxDevice(path, permissions string, followSymlinks bool) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 		setLinux(s)
 		setResources(s)
 
+		if followSymlinks {
+			resolvedPath, err := filepath.EvalSymlinks(path)
+			if err != nil {
+				return err
+			}
+			path = resolvedPath
+		}
+
 		dev, err := DeviceFromPath(path)
 		if err != nil {
 			return err

oci/spec_opts_linux_test.go

@@ -28,6 +28,7 @@ import (
 	"github.com/containerd/continuity/fs/fstest"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"golang.org/x/sys/unix"
 )
 
@@ -510,3 +511,80 @@ daemon:x:2:root,bin,daemon
 		})
 	}
 }
+func TestWithLinuxDeviceFollowSymlinks(t *testing.T) {
+
+	// Create symlink to /dev/zero for the symlink test case
+	zero := "/dev/zero"
+	_, err := os.Stat(zero)
+	require.NoError(t, err, "Host does not have /dev/zero")
+
+	dir := t.TempDir()
+	symZero := filepath.Join(dir, "zero")
+
+	err = os.Symlink(zero, symZero)
+	require.NoError(t, err, "unexpected error creating symlink")
+
+	testcases := []struct {
+		name           string
+		path           string
+		followSymlinks bool
+
+		expectError          bool
+		expectedLinuxDevices []specs.LinuxDevice
+	}{
+		{
+			name:        "regularDeviceresolvesPath",
+			path:        zero,
+			expectError: false,
+			expectedLinuxDevices: []specs.LinuxDevice{{
+				Path: zero,
+				Type: "c",
+			}},
+		},
+		{
+			name:        "symlinkedDeviceResolvesPath",
+			path:        symZero,
+			expectError: false,
+			expectedLinuxDevices: []specs.LinuxDevice{{
+				Path: zero,
+				Type: "c",
+			}},
+		},
+		{
+			name:        "symlinkedDeviceResolvesFakePath_error",
+			path:        "/fake/path",
+			expectError: true,
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			spec := Spec{
+				Version: specs.Version,
+				Root:    &specs.Root{},
+				Linux:   &specs.Linux{},
+			}
+
+			opts := []SpecOpts{
+				WithLinuxDeviceFollowSymlinks(tc.path, ""),
+			}
+
+			for _, opt := range opts {
+				if err := opt(nil, nil, nil, &spec); err != nil {
+					if tc.expectError {
+						assert.Error(t, err)
+					} else {
+						assert.NoError(t, err)
+					}
+				}
+			}
+			if len(tc.expectedLinuxDevices) != 0 {
+				require.NotNil(t, spec.Linux)
+				require.Len(t, spec.Linux.Devices, 1)
+
+				assert.Equal(t, spec.Linux.Devices[0].Path, tc.expectedLinuxDevices[0].Path)
+				assert.Equal(t, spec.Linux.Devices[0].Type, tc.expectedLinuxDevices[0].Type)
+			}
+		})
+	}
+}