volumes: Implement subpath mount

[vvoland]

• Depends on: contrib/busybox: Update to FRP-5007-g82accfc19 #45784

• Fixes [feature] Allow mounting sub-directories of named volumes #32582

• Supersedes, closes Allow mounting a sub-directory of a named volume #39041

- What I did
Make it possible to mount subdirectory of a named volume.

- How I did it

VolumeOptions now has a Subpath field which allows to specify a path relative to the volume that should be mounted as a destination.

Symlinks are supported, but they cannot escape the base volume directory.
A protection against the Time-of-check to Time-of-use is implemented for Linux and Windows to make it not possible to replace the mount source with a symlink that escapes the volume directory.

On Linux, all subpath components are opened with openat, relative to the base volume directory and checked against the volume escape. The final file descriptor is mounted from the /proc/self/fd/ to a temporary mount point owned by the daemon and then passed to the underlying container runtime. Temporary mountpoint is removed after the container is started.

On Windows, all components of the path are locked before the check, and released once the path is already mounted.

- How to verify it
TestRunMountVolumeSubdir integration test

- Description for the changelog
Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume.

- A picture of a cute animal (not mandatory but encouraged)

[thaJeztah]

LGTM - let's get this one in 🎉

[zmweske]

is the long syntax required or would it be possible to utilize short syntax? It currently seems to only work with long syntax but it would make sense to me that if a named volume exists with a subpath, it should work. If a named volume doesn't exist, it will look for folders in ./

See: https://docs.docker.com/compose/compose-file/05-services/#volumes

services:
  example:
    image: example:latest
    volumes:
      - named-volume/subpath:/internal/dir:rw  # would utilize a named volume that exists in the compose file already
      - local-dir/subpath:/internal/dir:rw  # would use a local dir as no named volume exists
      - ./local-dir2/subpath:/internal/dir2:rw  # functionally the same as above
...
volumes:
  named-volume:
    driver_opts:
      type: cifs
      o: "uid=1000,username=username,password=${CIFS_PWD},iocharset=utf8,noperm,nobrl,vers=3.0"
      device: "//192.168.10.10/example/storage"

Thoughts?

[neersighted]

This is the wrong issue to discuss Compose's implementation. That being said, we're deliberately avoiding short/ambiguous formats (e.g. the implicit behavior you describe) for new features like this, for (hopefully obvious) reasons of explicit being better than implicit.

Less typing sounds nice, until it leads to a bevy of issue reports, wasted hours debugging, or (in the worst case) security issues.

Please open a discussion on https://github.com/compose-spec/compose-spec for questions, or open an issue if you have a concrete proposal/change to suggest.

[thaJeztah]

Yeah, I don't think we want to overload the short-form syntax more. Also not sure if such a format should be defined by the compose-spec first (as there's an expectation for the short-form format to be the same as is used for -v short-form).