v1.x.x: enforce absolute paths for mounts again

[thaJeztah]

Commits 1f1e91b and 2192670 (#2917) added validation for mountpoints to be an absolute path, to match the OCI specs.

Unfortunately, the old behavior (accepting the path to be a relative path) has been around for a long time, and although "not according to the spec", various higher level runtimes rely on this behavior.

While higher level runtime have been updated to address this requirement, there will be a transition period before all runtimes are updated to carry these fixes.

PR #3004 was merged to relax the validation, to generate a WARNING instead of failing, allowing runtimes to update (but allowing them to update runc to the current version, which includes security fixes).

We can remove this exception in a future patch release.

[kolyshkin]

I think this is implemented in #3717

[lifubang]

According to #3971, reopen this one.

[lifubang]

!!! Anyone who wants to work on this in the future, please communicate with upstream projects' maintainer first to check whethere it is safe or not. Thanks.

[kolyshkin]

We definitely won't have this in runc 1.2

[rata]

I think we can close this issue. We decided to change the spec to allow them (mark them as deprecated): opencontainers/runtime-spec#1225 . We relaxed it here in runc: #4013

I've just opened a PR to remove an old comment related to this, but this should be done now, IMHO (#4104).

[thaJeztah]

I agree, I think it's fine to close this one.

I'm still contemplating if having a strict-mode option would be possible somehow; such an option would potentially allow consumers to validate if no deprecated / not-recommended options are used.

That's a bit of a separate topic though, and probably better left for a separate discussion.

I'll go ahead and close this one for now 👍