Bug #12183
Updated by Peter Amstutz over 7 years ago
This is suspicious:

2017-08-28T11:09:17.982121623Z CMD: ln -s /var/spool/cwl/STAR-Fusion_outdir/star-fusion.preliminary/star-fusion.filter.intermediates_dir/star-fusion.filtered /var/spool/cwl/STAR-Fusion_outdir/star-fusion.preliminary/star-fusion.fusion_candidates.preliminary.filtered

This seems to be creating a symlink to an absolute path inside the container. However, crunch-run (which collects the outputs) executes outside the container, which means it cannot dereference symlinks to arbitrary paths inside the container. It is already able to handle symlinks to mounted input files, and relative symlinks within the output directory, but doesn't correctly handle this case of a symlink with an absolute path to another file in the output directory. This should be handled correctly.

Currently it looks like putting a symlink foo->/etc/shadow (or ->../../../../../../etc/shadow) will cause crunch-run to store /etc/shadow from the compute node, not the container. This seems bad.

Also, it looks like we follow symlinks to files, but not symlinks to dirs, which seems like a confusing rule.
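
One way to do the path translation this comment asks for, as an added example that is not crunch-run's own code: absolute targets are treated as container paths and mapped through the output mount, and anything that lands outside the output directory is refused. The function names, the error value and the host path `/tmp/example-out` are hypothetical, and the sketch covers only the output directory, not mounted input files.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Hypothetical names throughout; this is not crunch-run's own code.
var errEscapes = errors.New("symlink target is outside the output directory")

// within reports whether p is dir itself or lexically beneath it.
func within(dir, p string) bool {
	rel, err := filepath.Rel(dir, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// mapLinkTarget returns the host path a symlink in the output directory
// denotes, or errEscapes. hostOut and ctrOut are the same directory as seen
// from the host and from inside the container; link is the symlink's host
// path; target is what os.Readlink returned for it.
func mapLinkTarget(hostOut, ctrOut, link, target string) (string, error) {
	resolved := filepath.Join(filepath.Dir(link), target) // relative target
	if filepath.IsAbs(target) {
		// An absolute target is a container path: translate it through the
		// output mount instead of opening it on the compute node.
		if !within(ctrOut, filepath.Clean(target)) {
			return "", errEscapes
		}
		rel, _ := filepath.Rel(ctrOut, filepath.Clean(target))
		resolved = filepath.Join(hostOut, rel)
	}
	if !within(hostOut, resolved) {
		return "", errEscapes
	}
	return resolved, nil
}

func main() {
	hostOut, ctrOut := "/tmp/example-out", "/var/spool/cwl" // hostOut is constructed
	for _, t := range []string{
		"/var/spool/cwl/STAR-Fusion_outdir/star-fusion.preliminary/star-fusion.filter.intermediates_dir/star-fusion.filtered",
		"/etc/shadow", "../../../../../../etc/shadow",
	} {
		p, err := mapLinkTarget(hostOut, ctrOut, hostOut+"/STAR-Fusion_outdir/foo", t)
		fmt.Printf("%q -> %q %v\n", t, p, err)
	}
}
```

The check is purely lexical, so a collector would have to apply it again to every symlink it meets while walking to the returned path.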