Handle file bind mounts in mount profiles instead of silent failure #39
Description
Problem
mount.c unconditionally calls mkdir() on the target path before issuing
MS_BIND. When the bind-mount source is a regular file (e.g.
/etc/resolv.conf, /etc/hostname), mkdir() creates a directory at the
target instead of a regular file. The subsequent mount(..., MS_BIND) then
fails because the source and target types do not match, producing a confusing
EINVAL or ENOTDIR with no indication of the actual cause.
This affects mount profiles that might reasonably include file bind mounts
(e.g. injecting a custom /etc/resolv.conf into the guest).
Proposed Changes
Two options (pick one based on complexity/benefit):
Option A: Support file bind mounts
- Before creating the target,
stat()the source to determine its type. - If the source is a regular file, create the target with
open(path, O_CREAT | O_WRONLY, 0644); close(fd)instead ofmkdir(). - If the source is a directory, use
mkdir()as today.
Option B: Reject file bind mounts early
- Before
mkdir(),stat()the source. - If the source is a regular file, return a clear error:
"file bind mounts not supported: %s"and skip the mount. - Document this limitation in the mount profile documentation.
Option A is preferred if file bind mounts are a realistic use case (resolv.conf
injection, custom config files). Option B is acceptable if the scope should stay
minimal.
Considerations
- The
stat()call targets the host filesystem (or LKL depending on mount
phase). Ensure the correct stat path is used for the mount profile being
processed. - Symlink sources need careful handling:
stat()follows symlinks, which is
correct for bind mounts (mount the target of the symlink). - Existing mount profiles (raw, recommended, standard) should be audited for
any file-type sources that silently fail today.
References
src/mount.c:mkdir()beforeMS_BIND, mount profile processinginclude/kbox/mount.h:enum kbox_mount_profiledefinitions