From efd5a59c322789afe6760c9f62f77b933ce6dd13 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 7 Sep 2023 16:13:27 +0200 Subject: [PATCH] mount: Allow relative mount destinations on Linux We tried to make runc enforce abs dest path several times, and always had to revert it due to some tools not yet doing it. The last occurrence is this one: https://github.com/opencontainers/runc/issues/3944#issuecomment-1669261383 I don't see any reason to force abs dst paths on Linux, as far as I know there is no security bug nor anything. Let's just relax the spec wording, matching all the runtimes behavior when the paths is relative, and be done with it. Signed-off-by: Rodrigo Campos --- config.md | 1 + 1 file changed, 1 insertion(+) diff --git a/config.md b/config.md index ffdae21ae..e050baa28 100644 --- a/config.md +++ b/config.md @@ -69,6 +69,7 @@ For Solaris, the mount entry corresponds to the 'fs' resource in the [zonecfg(1M * **`destination`** (string, REQUIRED) Destination of mount point: path inside container. This value MUST be an absolute path. + * Linux: It MAY be a relative path too, in which case it MUST be relative to "/". * Windows: one mount destination MUST NOT be nested within another mount (e.g., c:\\foo and c:\\foo\\bar). * Solaris: corresponds to "dir" of the fs resource in [zonecfg(1M)][zonecfg.1m]. * **`source`** (string, OPTIONAL) A device name, but can also be a file or directory name for bind mounts or a dummy.