libct: Allow rel paths for idmap mounts

The idea was to make them strict on dest path from the beginning for idmap mounts, as runc would do that for all mounts in the future. But that is causing too many problems. For now, let's just allow relative paths for idmap mounts too. It just seems safer. Signed-off-by: Rodrigo Campos <[email protected]>
opencontainers · Aug 8, 2023 · d814374 · d814374
1 parent ffd6dee
commit d814374
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -485,7 +485,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error {
 			if m.srcFD == nil {
 				return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m)
 			}
-			if err := unix.MoveMount(*m.srcFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
+			if err := unix.MoveMount(*m.srcFD, "", unix.AT_FDCWD, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
 				return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err)
 			}
 

diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats
@@ -72,6 +72,14 @@ function teardown() {
 	[[ "$output" == *"shared"* ]]
 }
 
+@test "idmap mount with relative path" {
+	update_config ' .mounts |= map((select(.source == "source-1/") | .destination = "tmp/mount-1") // .)'
+
+	runc run test_debian
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"=0=0="* ]]
+}
+
 @test "idmap mount with bind mount" {
 	update_config '   .mounts += [
 					{