Add Windows support for WSL symlinks

[cowwoc]

Windows Version

Microsoft Windows [Version 10.0.19045.5011]

WSL Version

2.3.24.0

Are you using WSL 1 or WSL 2?

• [x] WSL 2
• [ ] WSL 1

Kernel Version

5.15.153.1-2

Distro Version

No response

Other Software

Docker Desktop (Windows), version 4.35.1

Repro Steps

Is there ongoing work to add Windows support for WSL symlinks? https://blog.trailofbits.com/2024/02/12/why-windows-cant-follow-wsl-symlinks/ describes the problem but I could not find an existing GitHub issue related to this.

1. Create a symlink from a Docker linux container.
2. Symlinked files work fine from within WSL.
3. Windows Terminal and file explorer cannot follow these symlinks, returning "The file cannot be accessed by the system."
4. junction <symlinked file> returns:

   
   Junction v1.07 - Creates and lists directory links
   Copyright (C) 2005-2016 Mark Russinovich
   Sysinternals - www.sysinternals.com

C:\Users\Gili\Documents\licensed-app\deployment\certbot\config\live\gili.licensed.app\fullchain.pem: UNKNOWN MICROSOFT REPARSE POINT

### Expected Behavior

Ability to read the contents of symlinked files from within Windows Terminal

### Actual Behavior

> The file cannot be accessed by the system.

### Diagnostic Logs

_No response_

[github-actions[bot]]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'. Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute [collect-wsl-logs.ps1](https://github.com/Microsoft/WSL/blob/master/diagnostics/collect-wsl-logs.ps1) in an **administrative powershell prompt**: ``` Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1 Set-ExecutionPolicy Bypass -Scope Process -Force .\collect-wsl-logs.ps1 ``` The script will output the path of the log file once done. If this is a networking issue, please use [collect-networking-logs.ps1](https://github.com/Microsoft/WSL/blob/master/diagnostics/collect-networking-logs.ps1), following the instructions [here](https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues) Once completed please upload the output files to this Github issue. [Click here for more info on logging](https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#8-collect-wsl-logs-recommended-method) If you choose to email these logs instead of attaching to the bug, please send them to wsl-gh-logs@microsoft.com with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

• wsl does not respect Windows-side symlinks #5701 (#11110), similarity score: 0.79
• Windows symlinks (mklink) on drvfs pointing to \wsl$... should resolve in WSL (#8385), similarity score: 0.74

Closed similar issues:

• Symbolic Links: Operation not permitted (#4104), similarity score: 0.76
• Interoperability for WSL symlinks accessed via \wsl$ (#5670), similarity score: 0.75
• Windows mount of WSL2 volume does not support soft links (#5308), similarity score: 0.74

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[cowwoc]

Tagging @yardenshafir and @D4stiny for additional visibility

[cowwoc]

/feature

[github-actions[bot]]

Diagnostic information

``` Found '/feature', adding tag 'feature' ```

[0xbadfca11]

Consider whether WSL's creation of Windows symlinks suits your use case. https://github.com/MicrosoftDocs/WSL/releases/tag/17046

[cowwoc]

@0xbadfca11 I'm not sure how I am expected to make this work. The changelog reads:

DrvFs creates NT symlinks when certain conditions are met. [GH 353, 1475, 2602] The link target must be relative, must not cross any mount points or symlinks, and must exist. The user must have SE_CREATE_SYMBOLIC_LINK_PRIVILEGE (this normally requires you to launch wsl.exe elevated), unless Developer Mode is turned on. In all other situations, DrvFs still creates WSL symlinks.

When it says that the symlinks must exist does it mean that I need to manually create symlinks on the Windows side? Or that it is sufficient for a WSL symlink to exist from a previous run?

In my case there is a volume mapping /etc/letsencrypt on the Linux side to C:\[redacted]\config on the Windows side. The symlink problematic symlink isn't top-level. On Linux, /etc/letsencrypt/live/[redacted]/fullchain.pem is symlinked to /etc/letsencrypt/archive/[redacted]/fullchain1.pem and the file it points to keeps on changing over time (from fullchain1.pem to fullchain2.pem, etc).

How am I supposed to get it worked in this case?

Also, I have no idea if Docker Desktop has SE_CREATE_SYMBOLIC_LINK_PRIVILEGE. Do you?