Clarify symlink and hardlink rules

What are the challenges that we are trying to solve?
What ideas do we have for how to address these challenges?
How do these ideas break down into…
1. Already existing OCI specs?
2. A new project (CNCF or OCI)
Questions?
What pre-existing work or software can support these ideas?
Relevant OCI Issues

What are the challenges that we are trying to solve?

What to do about symlinks and hard links is under-specified. For example:

When should symlinks be followed and when should they not?
Behavior of link replacement in a later layer is explicitly undefined.
Is it permitted to have a link that climbs outside the image? (E.g.: ln -s ../foo /bar). What about other pathological link targets?

One interesting quirk is that symlinks need to be interpreted relative to the image’s root, which makes non-containerized code trickier.

What ideas do we have for how to address these challenges?

Tighten up the spec to cover these and related ambiguities.

How do these ideas break down into…

Already existing OCI specs?

Image spec.

A new project (CNCF or OCI)

Questions?

What pre-existing work or software can support these ideas?

Much of Charliecloud’s behavior in this area copies Docker, after much trial and error. We also have a bunch of validation code for things that seemed reasonable to us (e.g., no, symlinks cannot climb out of the image).