Merge pull request #48815 from dixudx/mountpath_should_be_absolute

Automatic merge from submit-queue (batch tested with PRs 48082, 48815, 48901, 48824) mountpath should be absolute **What this PR does / why we need it**: Should validate the mountpath before mounting to container. Docker forbids mounting to a relative path inside the container. **Which issue this PR fixes** : fixes #48749 **Special notes for your reviewer**: **Release note**: ```release-note MountPath should be absolute ```
2025-07-23 11:50:44 +00:00 · 2017-07-13 22:43:56 -07:00 · 2017-07-13 22:43:56 -07:00 · a014cea392
commit a014cea392
parent d58d29d99d 8d86bd1c64
2 changed files with 4 additions and 1 deletions
--- a/pkg/api/validation/validation.go
+++ b/pkg/api/validation/validation.go
@ -1760,6 +1760,9 @@ func ValidateVolumeMounts(mounts []api.VolumeMount, volumes sets.String, fldPath
 		if mountpoints.Has(mnt.MountPath) {
 			allErrs = append(allErrs, field.Invalid(idxPath.Child("mountPath"), mnt.MountPath, "must be unique"))
 		}
+		if !path.IsAbs(mnt.MountPath) {
+			allErrs = append(allErrs, field.Invalid(idxPath.Child("mountPath"), mnt.MountPath, "must be an absolute path"))
+		}
 		mountpoints.Insert(mnt.MountPath)
 		if len(mnt.SubPath) > 0 {
 			allErrs = append(allErrs, validateLocalDescendingPath(mnt.SubPath, fldPath.Child("subPath"))...)
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@ -3045,7 +3045,6 @@ func TestValidateVolumeMounts(t *testing.T) {
 		{Name: "abc-123", MountPath: "/bab", SubPath: "baz"},
 		{Name: "abc-123", MountPath: "/bac", SubPath: ".baz"},
 		{Name: "abc-123", MountPath: "/bad", SubPath: "..baz"},
-		{Name: "abc", MountPath: "c:/foo/bar"},
 	}
 	if errs := ValidateVolumeMounts(successCase, volumes, field.NewPath("field")); len(errs) != 0 {
 		t.Errorf("expected success: %v", errs)
@ -3055,6 +3054,7 @@ func TestValidateVolumeMounts(t *testing.T) {
 		"empty name":          {{Name: "", MountPath: "/foo"}},
 		"name not found":      {{Name: "", MountPath: "/foo"}},
 		"empty mountpath":     {{Name: "abc", MountPath: ""}},
+		"relative mountpath":  {{Name: "abc", MountPath: "bar"}},
 		"mountpath collision": {{Name: "foo", MountPath: "/path/a"}, {Name: "bar", MountPath: "/path/a"}},
 		"absolute subpath":    {{Name: "abc", MountPath: "/bar", SubPath: "/baz"}},
 		"subpath in ..":       {{Name: "abc", MountPath: "/bar", SubPath: "../baz"}},