integration: add some tests for bind mount through dangling symlinks

lifubang · cyphar · commit f9f5b2d0c86e · 2025-11-23T08:11:21.000+11:00
We intentionally broke this in commit d40b343 ("rootfs: switch to fd-based handling of mountpoint targets") under the assumption that most users do not need this feature. Sadly it turns out they do, and so commit 3f92552 ("rootfs: re-allow dangling symlinks in mount targets") added a hotfix to re-add this functionality. This patch adds some much-needed tests for this behaviour, since it seems we are going to need to keep this for compatibility reasons (at least until runc v2...). Co-developed-by: lifubang <lifubang@acmcoder.com> Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats
@@ -343,3 +343,58 @@ function test_mount_order() {
 @test "runc run [mount order, container idmap source] (userns)" {
 	test_mount_order userns,idmap
 }
+
+test_mount_target() {
+	src="$1"
+	dst="$2"
+	real_dst="${3:-$dst}"
+
+	echo "== $src -> $dst (=> $real_dst) =="
+
+	old_config="$(mktemp ./config.json.bak.XXXXXX)"
+	cp ./config.json "$old_config"
+
+	update_config '.mounts += [{
+		source: "'"$src"'",
+		destination: "'"$dst"'",
+		options: ["bind"]
+	}]'
+
+	# Make sure the target path is at the right spot and is actually a
+	# bind-mount of the correct inode.
+	update_config '.process.args = ["stat", "-c", "%n %d:%i", "--", "'"$real_dst"'"]'
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+	[[ "$output" == "$real_dst $(stat -c "%d:%i" -- "$src")" ]]
+
+	# Make sure there is a mount entry for the target path.
+	update_config '.process.args = ["awk", "-F", "PATH='"$real_dst"'", "$2 == PATH", "/proc/self/mounts"]'
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+	[[ "$output" == *"$real_dst"* ]]
+
+	# Switch back the old config so this function can be called multiple times.
+	mv "$old_config" "./config.json"
+}
+
+@test "runc run [bind mount through a dangling symlink component]" {
+	rm -rf rootfs/etc/hosts
+	ln -s /tmp/foo/bar rootfs/jump
+	ln -s /jump/baz/hosts rootfs/etc/hosts
+
+	rm -rf rootfs/tmp/foo
+	test_mount_target ./config.json /etc/hosts /tmp/foo/bar/baz/hosts
+}
+
+@test "runc run [bind mount through a trailing dangling symlink]" {
+	rm -rf rootfs/etc/hosts
+	ln -s /tmp/hosts rootfs/etc/hosts
+
+	# File.
+	rm -rf rootfs/tmp/hosts
+	test_mount_target ./config.json /etc/hosts /tmp/hosts
+
+	# Directory.
+	rm -rf rootfs/tmp/hosts
+	test_mount_target . /etc/hosts /tmp/hosts
+}
