containers
diff --git a/‎docs/source/markdown/podman-create.1.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/source/markdown/podman-create.1.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/source/markdown/podman-run.1.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/source/markdown/podman-run.1.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎libpod/define/container.go‎
Lines changed: 2 additions & 0 deletions b/‎libpod/define/container.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎libpod/diff.go‎
Lines changed: 12 additions & 11 deletions b/‎libpod/diff.go‎
Lines changed: 12 additions & 11 deletions
diff --git a/‎pkg/specgen/generate/oci.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/specgen/generate/oci.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/specgen/generate/storage.go‎
Lines changed: 2 additions & 4 deletions b/‎pkg/specgen/generate/storage.go‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎test/e2e/run_test.go‎
Lines changed: 5 additions & 3 deletions b/‎test/e2e/run_test.go‎
Lines changed: 5 additions & 3 deletions
@@ -460,6 +460,8 @@ content that disappears when the container is stopped.
 #### **--init**
 
 Run an init inside the container that forwards signals and reaps processes.
+The container-init binary is mounted at `/run/podman-init`.
+Mounting over `/run` will hence break container execution.
 
 #### **--init-ctr**=*type* (pods only)
 
 
@@ -498,6 +498,8 @@ content that disappears when the container is stopped.
 #### **--init**
 
 Run an init inside the container that forwards signals and reaps processes.
+The container-init binary is mounted at `/run/podman-init`.
+Mounting over `/run` will hence break container execution.
 
 #### **--init-path**=*path*
 
 
@@ -35,4 +35,6 @@ const (
 	// OneShotInitContainer is a container that only runs as init once
 	// and is then deleted.
 	OneShotInitContainer = "once"
+	// ContainerInitPath is the default path of the mounted container init.
+	ContainerInitPath = "/run/podman-init"
 )
@@ -8,17 +8,18 @@ import (
 )
 
 var initInodes = map[string]bool{
-	"/dev":               true,
-	"/etc/hostname":      true,
-	"/etc/hosts":         true,
-	"/etc/resolv.conf":   true,
-	"/proc":              true,
-	"/run":               true,
-	"/run/notify":        true,
-	"/run/.containerenv": true,
-	"/run/secrets":       true,
-	"/sys":               true,
-	"/etc/mtab":          true,
+	"/dev":                   true,
+	"/etc/hostname":          true,
+	"/etc/hosts":             true,
+	"/etc/resolv.conf":       true,
+	"/proc":                  true,
+	"/run":                   true,
+	"/run/notify":            true,
+	"/run/.containerenv":     true,
+	"/run/secrets":           true,
+	define.ContainerInitPath: true,
+	"/sys":                   true,
+	"/etc/mtab":              true,
 }
 
 // GetDiff returns the differences between the two images, layers, or containers
 
@@ -128,7 +128,7 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c
 		if initPath == "" {
 			return nil, errors.Errorf("no path to init binary found but container requested an init")
 		}
-		finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)
+		finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)
 	}
 
 	return finalCommand, nil
 
@@ -20,9 +20,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-var (
-	errDuplicateDest = errors.Errorf("duplicate mount destination")
-)
+var errDuplicateDest = errors.Errorf("duplicate mount destination")
 
 // Produce final mounts and named volumes for a container
 func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
@@ -359,7 +357,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s
 // This does *NOT* modify the container command - that must be done elsewhere.
 func addContainerInitBinary(s *specgen.SpecGenerator, path string) (spec.Mount, error) {
 	mount := spec.Mount{
-		Destination: "/dev/init",
+		Destination: define.ContainerInitPath,
 		Type:        define.TypeBind,
 		Source:      path,
 		Options:     []string{define.TypeBind, "ro"},
 
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/containers/common/pkg/cgroups"
+	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/rootless"
 	. "github.com/containers/podman/v4/test/utils"
 	"github.com/containers/storage/pkg/stringid"
@@ -286,19 +287,20 @@ var _ = Describe("Podman run", func() {
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
 		conData := result.InspectContainerToJSON()
-		Expect(conData[0]).To(HaveField("Path", "/dev/init"))
+		Expect(conData[0]).To(HaveField("Path", define.ContainerInitPath))
 		Expect(conData[0].Config.Annotations).To(HaveKeyWithValue("io.podman.annotations.init", "TRUE"))
 	})
 
 	It("podman run a container with --init and --init-path", func() {
-		session := podmanTest.Podman([]string{"run", "--name", "test", "--init", "--init-path", "/usr/libexec/podman/catatonit", ALPINE, "ls"})
+		// Also bind-mount /dev (#14251).
+		session := podmanTest.Podman([]string{"run", "-v", "/dev:/dev", "--name", "test", "--init", "--init-path", "/usr/libexec/podman/catatonit", ALPINE, "ls"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		result := podmanTest.Podman([]string{"inspect", "test"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
 		conData := result.InspectContainerToJSON()
-		Expect(conData[0]).To(HaveField("Path", "/dev/init"))
+		Expect(conData[0]).To(HaveField("Path", define.ContainerInitPath))
 		Expect(conData[0].Config.Annotations).To(HaveKeyWithValue("io.podman.annotations.init", "TRUE"))
 	})
Original file line number	Diff line number	Diff line change
`@@ -35,4 +35,6 @@ const (`
`35`	`35`	`// OneShotInitContainer is a container that only runs as init once`
`36`	`36`	`// and is then deleted.`
`37`	`37`	`OneShotInitContainer = "once"`
	`38`	`+ // ContainerInitPath is the default path of the mounted container init.`
	`39`	`+ ContainerInitPath = "/run/podman-init"`
`38`	`40`	`)`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ func makeCommand(s specgen.SpecGenerator, imageData libimage.ImageData, rtc *c`
`128`	`128`	`if initPath == "" {`
`129`	`129`	`return nil, errors.Errorf("no path to init binary found but container requested an init")`
`130`	`130`	`}`
`131`		`- finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)`
	`131`	`+ finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`return finalCommand, nil`