From: Ryan Brue Date: Mon, 28 Jul 2025 16:46:22 +0000 (-0500) Subject: doc: document /run/host/root/ as an optional bind mount for the host fs X-Git-Tag: v259-rc1~560 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7c7af28fb47304c9b90049230e5242bc4c32cd8;p=thirdparty%2Fsystemd.git doc: document /run/host/root/ as an optional bind mount for the host fs Container managers may want to bind mount the root filesystem somewhere within the container. Security-wise, this is very much not recommended, but it may be something application containers may want to do nonetheless. Ref: https://github.com/flatpak/flatpak/pull/6125#issuecomment-2759378603 --- diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md index 2a823218814..77648395e96 100644 --- a/docs/CONTAINER_INTERFACE.md +++ b/docs/CONTAINER_INTERFACE.md @@ -301,6 +301,12 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular may be used in combination with `/run/host/userdb/` above: one defines the user record, the other contains the user's home directory. +12. The `/run/host/root/` directory may be used to bind mount the host root + filesystem. Binding the host's root filesystem into the container is a + major security hole: any container manager that maintains a security + boundary should not use this; however, if having the root filesystem in + the container is desired, this is a good place to mount it to. + ## What You Shouldn't Do 1. Do not drop `CAP_MKNOD` from the container. `PrivateDevices=` is a commonly
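Review bot: The new item 12 calls exposing the host root "a major security hole" but then gives no guidance for the case it endorses, so the reader who does use `/run/host/root/` is left to guess at the expected shape of the mount. The entry should say whether the bind mount is expected to be read-only or read-write, whether it is a recursive bind (which would also expose every mount beneath the host's `/`) or a plain one, and whether `systemd` inside the container does anything with the directory or it is purely a convention between container managers. Consider also replacing "this is a good place to mount it to" with a plainer statement such as "mount it at `/run/host/root/`", since the purpose of the item is to fix the path, and wording it as a mild suggestion undercuts the warning in the same sentence.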