mirror of https://github.com/systemd/systemd synced 2025-10-06 00:13:24 +02:00

doc: document /run/host/root/ as an optional bind mount for the host fs

Container managers may want to bind mount the root filesystem
somewhere within the container. Security-wise, this is very much not
recommended, but it may be something application containers may want
to do nonetheless.

Ref: https://github.com/flatpak/flatpak/pull/6125#issuecomment-2759378603
Ryan Brue
2025-07-28 11:46:22 -05:00
committed by Luca Boccassi
parent 72bf86663c
commit d7c7af28fb


@@ -301,6 +301,12 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular
may be used in combination with `/run/host/userdb/` above: one defines the
user record, the other contains the user's home directory.
12. The `/run/host/root/` directory may be used to bind mount the host root
filesystem. Binding the host's root filesystem into the container is a
major security hole: any container manager that maintains a security
boundary should not use this; however, if having the root filesystem in
the container is desired, this is a good place to mount it to.
## What You Shouldn't Do
1. Do not drop `CAP_MKNOD` from the container. `PrivateDevices=` is a commonly
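Review bot: The new item 12 speaks only to the container manager ("may be used to bind mount the host root filesystem") and never tells the payload that the directory is optional, although the commit subject calls it an optional bind mount. I would add a sentence saying payloads must not assume `/run/host/root/` exists. The item also calls the mount "a major security hole" without giving any guidance to managers that use it anyway, for example whether the bind mount is expected to be read-only; one sentence on that would make the warning actionable. Style nit: "a good place to mount it to" can drop the trailing "to".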