2 files changed, 26 insertions, 8 deletions

diff --git a/usr/src/lib/brand/lx/zone/lx_boot.ksh b/usr/src/lib/brand/lx/zone/lx_boot.ksh
index 3edf51f7ec..3aff4c6b16 100644
--- a/usr/src/lib/brand/lx/zone/lx_boot.ksh
+++ b/usr/src/lib/brand/lx/zone/lx_boot.ksh
@@ -120,7 +120,9 @@ setup_native_cmd() {
 # Determine the distro.
 #
 distro=""
-if [[ -f $ZONEROOT/etc/redhat-release ]]; then
+if [[ $(zonecfg -z $ZONENAME info attr name=docker) =~ "value: true" ]]; then
+	distro="docker"
+elif [[ -f $ZONEROOT/etc/redhat-release ]]; then
 	distro="redhat"
 elif [[ -f $ZONEROOT/etc/lsb-release ]]; then
 	if egrep -s Ubuntu $ZONEROOT/etc/lsb-release; then
@@ -170,8 +172,8 @@ safe_dir /lib
 safe_dir /bin
 safe_dir /sbin
 safe_dir /etc
-safe_dir /etc/init
-safe_dir /etc/update-motd.d
+safe_opt_dir /etc/init
+safe_opt_dir /etc/update-motd.d
 
 #
 # STEP TWO
diff --git a/usr/src/lib/brand/shared/zone/common.ksh b/usr/src/lib/brand/shared/zone/common.ksh
index 667a1cc1ff..0f87686414 100644
--- a/usr/src/lib/brand/shared/zone/common.ksh
+++ b/usr/src/lib/brand/shared/zone/common.ksh
@@ -97,9 +97,27 @@ vlog()
 safe_dir()
 {
 	typeset dir="$1"
+	typeset pwd_dir=""
 
-	if [[ -h $ZONEROOT/$dir || ! -d $ZONEROOT/$dir ]]; then
-		fatal "$e_baddir" "$dir"
+	if [[ -d $ZONEROOT/$dir ]]; then
+		if [[ -h $ZONEROOT/$dir ]]; then
+			#
+			# When dir is a symlink to a directory, we 'cd' to that
+			# directory to ensure that's under $ZONEROOT. We use pwd
+			# from /usr/bin instead of built-in because they give
+			# different results.
+			#
+			pwd_dir=$(cd $ZONEROOT/$dir && /usr/bin/pwd)
+			if [[ $pwd_dir =~ "^$ZONEROOT" ]]; then
+				return;
+			else
+				fatal \
+				    "$e_baddir: symlink out of zoneroot" "$dir"
+			fi
+		else
+			# it's a dir and not a symlink, so that's ok.
+			return
+		fi
 	fi
 }
 
@@ -110,9 +128,7 @@ safe_opt_dir()
 
 	[[ ! -e $ZONEROOT/$dir ]] && return
 
-	if [[ -h $ZONEROOT/$dir || ! -d $ZONEROOT/$dir ]]; then
-		fatal "$e_baddir" "$dir"
-	fi
+	safe_dir $dir
 }
 
 # Only make a copy if we haven't already done so.