integration: add some tests for bind mount through dangling symlinks

We intentionally broke this in commit d40b3439a9 ("rootfs: switch to fd-based handling of mountpoint targets") under the assumption that most users do not need this feature. Sadly it turns out they do, and so commit 3f925525b4 ("rootfs: re-allow dangling symlinks in mount targets") added a hotfix to re-add this functionality. This patch adds some much-needed tests for this behaviour, since it seems we are going to need to keep this for compatibility reasons (at least until runc v2...). Co-developed-by: lifubang <lifubang@acmcoder.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2025-12-24 11:50:58 +08:00 · 2025-11-17 15:23:23 +00:00
parent 195e9551e4
commit 15d7c214cd
1 changed files with 58 additions and 0 deletions
--- a/tests/integration/mounts.bats
+++ b/tests/integration/mounts.bats
@@ -127,6 +127,42 @@ function test_mount_order() {
 	[[ "$output" == *"a/x"* ]] # the final "file" was from a/x.
 }

+# This needs to be placed at the top of the bats file to work around
+# a shellcheck bug. See <https://github.com/koalaman/shellcheck/issues/2873>.
+test_mount_target() {
+	src="$1"
+	dst="$2"
+	real_dst="${3:-$dst}"
+
+	echo "== $src -> $dst (=> $real_dst) =="
+
+	old_config="$(mktemp ./config.json.bak.XXXXXX)"
+	cp ./config.json "$old_config"
+
+	update_config '.mounts += [{
+		source: "'"$src"'",
+		destination: "'"$dst"'",
+		options: ["bind"]
+	}]'
+
+	# Make sure the target path is at the right spot and is actually a
+	# bind-mount of the correct inode.
+	update_config '.process.args = ["stat", "-c", "%n %d:%i", "--", "'"$real_dst"'"]'
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+	[[ "$output" == "$real_dst $(stat -c "%d:%i" -- "$src")" ]]
+
+	# Make sure there is a mount entry for the target path.
+	# shellcheck disable=SC2016
+	update_config '.process.args = ["awk", "-F", "PATH='"$real_dst"'", "$2 == PATH", "/proc/self/mounts"]'
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"$real_dst"* ]]
+
+	# Switch back the old config so this function can be called multiple times.
+	mv "$old_config" "./config.json"
+}
+
 # https://github.com/opencontainers/runc/issues/3991
@test "runc run [tmpcopyup]" {
 	mkdir -p rootfs/dir1/dir2
@@ -343,3 +379,25 @@ function test_mount_order() {
@test "runc run [mount order, container idmap source] (userns)" {
 	test_mount_order userns,idmap
 }
+
+@test "runc run [bind mount through a dangling symlink component]" {
+	rm -rf rootfs/etc/hosts
+	ln -s /tmp/foo/bar rootfs/jump
+	ln -s /jump/baz/hosts rootfs/etc/hosts
+
+	rm -rf rootfs/tmp/foo
+	test_mount_target ./config.json /etc/hosts /tmp/foo/bar/baz/hosts
+}
+
+@test "runc run [bind mount through a trailing dangling symlink]" {
+	rm -rf rootfs/etc/hosts
+	ln -s /tmp/hosts rootfs/etc/hosts
+
+	# File.
+	rm -rf rootfs/tmp/hosts
+	test_mount_target ./config.json /etc/hosts /tmp/hosts
+
+	# Directory.
+	rm -rf rootfs/tmp/hosts
+	test_mount_target . /etc/hosts /tmp/hosts
+}