I'm attempting to use Colima as a replacement for Docker Desktop. We have existing scripts that mount paths in /tmp (-v /tmp/...). When I try to run colima start --mount /tmp, I see the error message:
> msg="errors inspecting instance: [field `mounts[1].location` must not be a system path such as /etc or /usr]"

Which comes from `lima/pkg/limayaml/validate.go`, line 83 in 9e7ee97:

```go
return fmt.Errorf("field `mounts[%d].location` must not be a system path such as /etc or /usr", i)
```
I'm trying to understand this list of restricted system paths. I think I can understand safety concerns around /usr, /bin, /etc, /dev, etc, and security around /home. But I'm not sure why /tmp is restricted. Is this overly cautious, or is there a specific concern with /tmp?
I can bypass this check by mounting /private/tmp (because on macOS, /tmp is a symlink to private/tmp), and when I do so, running docker containers with -v /private/tmp/... seems to work as expected. So my cursory testing doesn't indicate this is a technical restriction. I would prefer not to have to rewrite existing scripts to work around this.
I thought about it for 15 minutes and I think I figured it out... The mount would hide the system /tmp. This feature isn't just for mounting host paths in docker containers. The concerns are about the safety of the guest OS, not the host paths. I'll leave this here in case someone has the same question.
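To make the reasoning in the comment above concrete, here is an added Go example (written for this page, not Lima's own validation code) that models a mount as a host `location` plus a guest `mountPoint` defaulting to the same path, and rejects any mount whose effective guest path would sit on top of a guest system directory. The list of system directories is assumed from the ones named in this issue (the project's real list lives in `lima/pkg/limayaml/validate.go`), and the `Mount` type, `guestSystemPaths` and the exact-match rule are assumptions for illustration. It shows why `/tmp` is rejected while `/private/tmp` passes: the guest has no `/private/tmp` to hide, so its own `/tmp` stays intact. It also goes one step beyond the issue by checking an explicit mount point, which would shadow the guest's `/tmp` again.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Mount models the two fields discussed in the issue: the host directory to
// share (Location) and where it appears inside the guest (MountPoint).
// Assumption for this example: an empty MountPoint means "same as Location",
// which is why a check on `location` is really a check on the guest path.
type Mount struct {
	Location   string
	MountPoint string
}

// guestSystemPaths is an assumed list built from the directories named in the
// issue plus "/"; it is not the project's real list.
var guestSystemPaths = []string{"/", "/bin", "/dev", "/etc", "/home", "/tmp", "/usr"}

// EffectiveMountPoint returns the cleaned guest path the mount would occupy.
// Cleaning makes "/tmp/" and "/etc/../tmp" behave exactly like "/tmp".
func EffectiveMountPoint(m Mount) string {
	p := m.MountPoint
	if p == "" {
		p = m.Location
	}
	return filepath.Clean(p)
}

// ShadowsGuestSystemPath reports whether the mount would land directly on a
// guest system directory, hiding whatever the guest OS keeps there. Subpaths
// such as /tmp/work are allowed: they do not hide the directory itself.
func ShadowsGuestSystemPath(m Mount) bool {
	mp := EffectiveMountPoint(m)
	for _, sys := range guestSystemPaths {
		if mp == sys {
			return true
		}
	}
	return false
}

// ValidateMounts returns one error per offending entry, in the same shape as
// the message quoted in the issue, so the user can see which index is rejected.
func ValidateMounts(mounts []Mount) []error {
	var errs []error
	for i, m := range mounts {
		if ShadowsGuestSystemPath(m) {
			errs = append(errs, fmt.Errorf("field `mounts[%d].location` must not be a system path such as /etc or /usr", i))
		}
	}
	return errs
}

func main() {
	// Constructed sample configurations: the one from the issue, the
	// /private/tmp workaround, and an explicit guest mount point of /tmp.
	configs := [][]Mount{
		{{Location: "/Users/me/project"}, {Location: "/tmp"}},
		{{Location: "/private/tmp"}},
		{{Location: "/private/tmp", MountPoint: "/tmp"}},
	}
	for n, mounts := range configs {
		errs := ValidateMounts(mounts)
		if len(errs) == 0 {
			fmt.Printf("config %d: ok\n", n)
			continue
		}
		for _, err := range errs {
			fmt.Printf("config %d: %v\n", n, err)
		}
	}
}
```

The third configuration is the important one from a guest-safety point of view: the host path is harmless, but asking for it to appear at `/tmp` in the guest hides the guest's own `/tmp`, which is exactly the situation the check exists to prevent.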