Add --safe-links to synchronize invocations We don't want people to rsync files from outside the work dir by creating symlinks and then synchronizing them. Pass in --safe-links to rsync. rsync's behavior is that if --safe-links is present in the presence of other options to the contrary that --safe-links will win. Change-Id: I0e9657412edf20f0138d6fb7da994f4804f77826

commit: 35fc0736f9c597aefe0ce0cc7b2861647e8ba335 [log] [tgz]
author: Monty Taylor <mordred@inaugust.com> Thu Feb 23 14:27:36 2017 -0500
committer: Monty Taylor <mordred@inaugust.com> Thu Feb 23 15:54:39 2017 -0500
tree: 21e8ec14ddb838ee9dbfa9f565718da2e9c250e8
parent: d642d8547c53bf52e78ea04ae426ba0a543b5781 [diff]
diff --git a/zuul/ansible/action/synchronize.py b/zuul/ansible/action/synchronize.py
index 0193eca..88ca13a 100644
--- a/zuul/ansible/action/synchronize.py
+++ b/zuul/ansible/action/synchronize.py

@@ -26,6 +26,9 @@
         dest = self._task.args.get('dest', None)
         pull = self._task.args.get('pull', False)
 
+        if '--safe-links' not in self._task.args['rsync_opts']:
+            self._task.args['rsync_opts'].append('--safe-links')
+
         if not pull and not paths._is_safe_path(source):
             return paths._fail_dict(source, prefix='Syncing files from')
         if pull and not paths._is_safe_path(dest):
commit	35fc0736f9c597aefe0ce0cc7b2861647e8ba335	[log] [tgz]
author	Monty Taylor <mordred@inaugust.com>	Thu Feb 23 14:27:36 2017 -0500
committer	Monty Taylor <mordred@inaugust.com>	Thu Feb 23 15:54:39 2017 -0500
tree	21e8ec14ddb838ee9dbfa9f565718da2e9c250e8
parent	d642d8547c53bf52e78ea04ae426ba0a543b5781 [diff]