From b87b4dc3bef2db3845579cc3e177109ee507d2ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bombo?= Date: Thu, 12 Feb 2026 11:53:58 -0600 Subject: [PATCH] relax bind mount regex MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit the source path can be cached from the first container now Signed-off-by: Aurélien Bombo --- src/tools/genpolicy/src/mount_and_storage.rs | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/tools/genpolicy/src/mount_and_storage.rs b/src/tools/genpolicy/src/mount_and_storage.rs index 49356b7d2a..e9fe786012 100644 --- a/src/tools/genpolicy/src/mount_and_storage.rs +++ b/src/tools/genpolicy/src/mount_and_storage.rs @@ -283,13 +283,7 @@ fn get_shared_bind_mount( propagation: &str, access: &str, ) { - // The Kata Shim filepath.Base() to extract the last element of this path, in - // https://github.com/kata-containers/kata-containers/blob/5e46f814dd79ab6b34588a83825260413839735a/src/runtime/virtcontainers/fs_share_linux.go#L305 - // In Rust, Path::file_name() has a similar behavior. - let path = Path::new(&yaml_mount.mountPath); - let mount_path = path.file_name().unwrap().to_str().unwrap(); - - let source = format!("$(sfprefix){mount_path}$"); + let source = "$(sfprefix)[a-zA-Z0-9_.-]+$".to_string(); let dest = yaml_mount.mountPath.clone(); let type_ = "bind".to_string();