Mounts: Change single file mounts to a different approach#665
Open
dcantah wants to merge 1 commit intoapple:mainfrom
Open
Mounts: Change single file mounts to a different approach#665dcantah wants to merge 1 commit intoapple:mainfrom
dcantah wants to merge 1 commit intoapple:mainfrom
Conversation
Change to sharing in the parent directory, and then bind mounting in the file into the container. This has the unfortunate reality of being less secure, but the current approach is burdended by a couple things, namely: 1. You can't share in files that are on a different volume 2. There is a Virtualization bug that causes spurious errors when trying to open the file. I've added a doc to go over the approach we've taken, and some workarounds if the approach is not satisfactory.
jglogan
approved these changes
Apr 9, 2026
Contributor
jglogan
left a comment
jglogan
left a comment
There was a problem hiding this comment.
I've approved, if you merge could you make another quick PR for the comments (or put them in another PR).
| the behavior explicit and gives the container access to the full directory at the | ||
| destination path. | ||
|
|
||
| - **Stage files into a dedicated directory**: Copy or link the files you need into a |
| sharedParentTags.insert(prepared.tag) | ||
| let directoryShare = Mount.share( | ||
| source: prepared.parentDirectory.path, | ||
| destination: "/.file-mount-holding", |
Contributor
There was a problem hiding this comment.
Can you add the comment back about this path being a dummy value?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related to apple/container#1251
Change to sharing in the parent directory, and then bind mounting in the file into the container. This has the unfortunate reality of being less secure, but the current approach is burdended by a couple things, namely:
I've added a doc to go over the approach we've taken, and some workarounds if the approach is not satisfactory.