Under normal circumstances this is not a problem as the archive file
created podman container checkpoint will no create symlinks.
However if a user passes a custom archive they could contain symlinks
that point outside our root. To resolve them within the root use
securejoin.
Note this is not a security problem because the full archive must be
trusted by a user to begin with as it contain the full container config.
Fixes: #27977
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
(cherry picked from commit abb5120624)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>