Details
Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Description
Currently we allow two volumes to have the same container_path. The bind-mount of a later volume would overwrite that of an earlier one.
However, if the two volumes are file-based secrets, the containerizer will generate pre-exec commands similar to the following:
    mv -f secret1 source
    mount -n --rbind source container_path
    mv -f secret2 source
    mount -n --rbind source container_path
The second mv would rename secret2 to source, but the target remains bound to the now-gone secret1, and this would make the last mount fail with ENOENT.
In general, allowing multiple volumes with the same container_path is not useful, so we should disallow it and validate that in advance instead of getting a failure during container launch.
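
One way the proposed up-front validation could look, as an added example that is not Mesos code. The Volume struct, normalize() and validateContainerPaths() are hypothetical names, and comparing paths after lexical normalization is an assumption of this sketch, so that spellings such as /etc/secret and /etc/./secret/ are treated as the same container_path.

```cpp
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for a volume entry; not the Mesos Volume message.
struct Volume { std::string container_path; };

// Lexically canonicalize a path: drop ".", empty components and trailing
// slashes, and resolve "..". Absolute and relative paths stay distinct.
static std::string normalize(const std::string& path) {
  const bool absolute = !path.empty() && path[0] == '/';
  std::vector<std::string> parts;
  std::istringstream in(path);
  std::string part;
  while (std::getline(in, part, '/')) {
    if (part.empty() || part == ".") continue;
    if (part == ".." && !parts.empty() && parts.back() != "..") {
      parts.pop_back();
    } else if (part != ".." || !absolute) {
      parts.push_back(part);  // ".." above "/" is dropped
    }
  }
  std::string out = absolute ? "/" : "";
  for (std::size_t i = 0; i < parts.size(); ++i) {
    out += (i > 0 ? "/" : "") + parts[i];
  }
  return out;
}

// Returns an error message if two volumes resolve to the same
// container_path, or an empty string if the list is acceptable.
std::string validateContainerPaths(const std::vector<Volume>& volumes) {
  std::set<std::string> seen;
  for (const Volume& v : volumes) {
    const std::string key = normalize(v.container_path);
    if (!seen.insert(key).second) {
      return "Multiple volumes have the same container_path '" + key + "'";
    }
  }
  return "";
}

int main() {
  // Constructed sample: two secret volumes whose paths differ only textually.
  std::vector<Volume> volumes = {{"/etc/secret"}, {"/etc/./secret/"}};
  std::cout << validateContainerPaths(volumes) << std::endl;
}
```

Rejecting the volume list at this point surfaces the conflict as a validation error before any mv or mount pre-exec command is generated.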