chroot: use $PATH when finding commands

Use the $PATH from the runtime config, if it includes one, so that when
the command to run isn't an absolute path and the command isn't being
processed by the shell, exec.Command()'s internal call to
exec.LookPath() will find it.

Signed-off-by: Nalin Dahyabhai <[email protected]>

Author: nalind

chroot/run_common.go

@@ -12,6 +12,7 @@ import (
 	"os/signal"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"strconv"
 	"strings"
 	"sync"
@@ -743,6 +744,15 @@ func runUsingChrootExecMain() {
 		os.Exit(1)
 	}
 
+	// Set $PATH to the value for the container, so that when args[0] is not an absolute path,
+	// exec.Command() can find it using exec.LookPath().
+	for _, env := range slices.Backward(options.Spec.Process.Env) {
+		if val, ok := strings.CutPrefix(env, "PATH="); ok {
+			os.Setenv("PATH", val)
+			break
+		}
+	}
+
 	// Actually run the specified command.
 	cmd := exec.Command(args[0], args[1:]...)
 	setPdeathsig(cmd)

tests/bud.bats

@@ -8888,3 +8888,20 @@ _EOF
   run_buildah --root=${TEST_SCRATCH_DIR}/newroot --storage-opt=imagestore=${TEST_SCRATCH_DIR}/root build --pull=never ${contextdir}
   run_buildah --root=${TEST_SCRATCH_DIR}/newroot --storage-opt=imagestore=${TEST_SCRATCH_DIR}/root build --pull=never --squash ${contextdir}
 }
+
+@test "bud with exec-form RUN instruction" {
+  baseimage=busybox
+  _prefetch $baseimage
+  local contextdir=${TEST_SCRATCH_DIR}/context
+  mkdir -p "${contextdir}"
+  cat > "${contextdir}"/Dockerfile <<-EOF
+  FROM scratch AS mkdir
+  RUN --mount=type=bind,from="${baseimage}",destination=/usr ["busybox", "sh", "-x", "-c", "mkdir /brand-new-subdir"]
+  FROM "${baseimage}"
+  RUN --mount=type=bind,from=mkdir,destination=/mounted find /mounted -print
+EOF
+  run_buildah build --layers=true "${contextdir}"
+  expect_output --substring /mounted/brand-new-subdir
+  run_buildah build --layers=false "${contextdir}"
+  expect_output --substring /mounted/brand-new-subdir
+}