From 633d5f1f8b8844d6e2fb3e2593768360c889ed76 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@redhat.com>
Date: Wed, 18 May 2022 11:34:13 +0200
Subject: fix --init with /dev bind mount

Until now the init binary has been bind-mounted to /dev/init, which
breaks when something is bind-mounted to /dev.  Instead, mount the init
binary to /run/podman-init.  /run was chosen because it is already
used for other runtime data such as secrets.

Fixes: #14251
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
---
 pkg/specgen/generate/oci.go     | 2 +-
 pkg/specgen/generate/storage.go | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

(limited to 'pkg/specgen')

diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 081df0441..dda2de6e4 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -128,7 +128,7 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c
 		if initPath == "" {
 			return nil, errors.Errorf("no path to init binary found but container requested an init")
 		}
-		finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)
+		finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)
 	}
 
 	return finalCommand, nil
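Review bot: The argv[0] set on the `finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)` line only resolves if no other mount ends up covering that path, and the commit message puts it under /run, which is itself a plausible destination for a user volume or tmpfs. If a user-supplied mount on /run (or on the init path itself) is applied on top of the bind mount declared by `Destination: define.ContainerInitPath` in the addContainerInitBinary hunk of storage.go, the container would presumably fail to start the same way it did with /dev; with a host directory bind-mounted there, the runtime may also have to create the mount point inside that host directory. Neither the mount ordering nor a conflict check against user mounts is visible in this diff, so this needs confirming; if it is not handled elsewhere, a clear error in this init branch is better than an exec failure at container start. At minimum I would add a comment above the append such as `// define.ContainerInitPath is bind-mounted by addContainerInitBinary; a user mount covering it breaks this exec.` makeCommand's body begins and ends outside the hunk.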
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index f30fc4671..0a4d03780 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -20,9 +20,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-var (
-	errDuplicateDest = errors.Errorf("duplicate mount destination")
-)
+var errDuplicateDest = errors.Errorf("duplicate mount destination")
 
 // Produce final mounts and named volumes for a container
 func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
@@ -359,7 +357,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s
 // This does *NOT* modify the container command - that must be done elsewhere.
 func addContainerInitBinary(s *specgen.SpecGenerator, path string) (spec.Mount, error) {
 	mount := spec.Mount{
-		Destination: "/dev/init",
+		Destination: define.ContainerInitPath,
 		Type:        define.TypeBind,
 		Source:      path,
 		Options:     []string{define.TypeBind, "ro"},
-- 
cgit v1.2.3-54-g00ecf