Do not allow mounting to machine dir /tmp

baude · baude · commit 60b444f0427c · 2025-03-04T15:23:32.000-06:00
the destination machine mount overwrote /tmp. Here I have added a sanity check. I also moved the volume parsing and check earlier in the init function so that one does not have to endure the decompression and clean up of the machine image for cli parsing. Fixes: containers#18230 Signed-off-by: Brent Baude <bbaude@redhat.com>
diff --git a/pkg/machine/e2e/init_test.go b/pkg/machine/e2e/init_test.go
@@ -77,6 +77,20 @@ var _ = Describe("podman machine init", func() {
 		badMemSession, err := mb.setCmd(badMem.withMemory(uint(total))).run()
 		Expect(err).ToNot(HaveOccurred())
 		Expect(badMemSession).To(Exit(125))
+
+		// Check that mounting to /tmp is caught
+		tmpVol := initMachine{}
+		tmpVolSession, err := mb.setCmd(tmpVol.withVolume("/whatever:/tmp")).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(tmpVolSession).To(Exit(125))
+		Expect(tmpVolSession.errorToString()).To(ContainSubstring("Error: machine mount destination cannot be /tmp: consider another location or a subdirectory of /tmp"))
+
+		// Mounting to /tmp/ <-- trailing slash is also caught
+		tmpVolTrailer := initMachine{}
+		tmpVolTrailerSession, err := mb.setCmd(tmpVolTrailer.withVolume("/whatever:/tmp/")).run()
+		Expect(err).ToNot(HaveOccurred())
+		Expect(tmpVolTrailerSession).To(Exit(125))
+		Expect(tmpVolTrailerSession.errorToString()).To(ContainSubstring("Error: machine mount destination cannot be /tmp: consider another location or a subdirectory of /tmp"))
 	})
 
 	It("simple init", func() {
diff --git a/pkg/machine/shim/host.go b/pkg/machine/shim/host.go
@@ -118,6 +118,19 @@ func Init(opts machineDefine.InitOptions, mp vmconfigs.VMProvider) error {
 		createOpts.UserModeNetworking = *umn
 	}
 
+	// Mounts
+	if mp.VMType() != machineDefine.WSLVirt {
+		mc.Mounts = CmdLineVolumesToMounts(opts.Volumes, mp.MountType())
+	}
+
+	for _, mnt := range mc.Mounts {
+		// Issue #18230 ... cannot mount over /tmp
+		mountTarget, _ := strings.CutSuffix(mnt.Target, "/")
+		if mountTarget == "/tmp" {
+			return errors.New("machine mount destination cannot be /tmp: consider another location or a subdirectory of /tmp")
+		}
+	}
+
 	// Get Image
 	// TODO This needs rework bigtime; my preference is most of below of not living in here.
 	// ideally we could get a func back that pulls the image, and only do so IF everything works because
@@ -251,11 +264,6 @@ func Init(opts machineDefine.InitOptions, mp vmconfigs.VMProvider) error {
 	}
 	ignBuilder.WithUnit(readyUnit)
 
-	// Mounts
-	if mp.VMType() != machineDefine.WSLVirt {
-		mc.Mounts = CmdLineVolumesToMounts(opts.Volumes, mp.MountType())
-	}
-
 	// TODO AddSSHConnectionToPodmanSocket could take an machineconfig instead
 	if err := connection.AddSSHConnectionsToPodmanSocket(mc.HostUser.UID, mc.SSH.Port, mc.SSH.IdentityPath, mc.Name, mc.SSH.RemoteUsername, opts); err != nil {
 		return err
