new 'no-dereference' mount option

Add a new `no-dereference` mount option supported by crun 1.11+ to re-create/copy a symlink if it's the source of a mount. By default the kernel will resolve the symlink on the host and mount the target. As reported in #20098, there are use cases where the symlink structure must be preserved by all means. Fixes: #20098 Fixes: issues.redhat.com/browse/RUN-1935 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2025-05-22 09:36:57 +08:00 · 2023-10-09 14:08:00 +02:00
parent 7dfbc72769
commit e40d70cecc
10 changed files with 105 additions and 10 deletions
--- a/vendor/github.com/containers/common/pkg/parse/parse.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse.go
@ -14,7 +14,7 @@ import (

 // ValidateVolumeOpts validates a volume's options
 func ValidateVolumeOpts(options []string) ([]string, error) {
-	var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown, foundUpperDir, foundWorkDir, foundCopy int
+	var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown, foundUpperDir, foundWorkDir, foundCopy, foundCopySymlink int
 	finalOpts := make([]string, 0, len(options))
 	for _, opt := range options {
 		// support advanced options like upperdir=/path, workdir=/path
@ -93,6 +93,11 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			if foundCopy > 1 {
 				return nil, fmt.Errorf("invalid options %q, can only specify 1 'copy' or 'nocopy' option", strings.Join(options, ", "))
 			}
+		case "no-dereference":
+			foundCopySymlink++
+			if foundCopySymlink > 1 {
+				return nil, fmt.Errorf("invalid options %q, can only specify 1 'no-dereference' option", strings.Join(options, ", "))
+			}
 		default:
 			return nil, fmt.Errorf("invalid option type %q", opt)
 		}