[BUG] bind.create_host_path: false is ignored and missing host path is still auto-created

[kyoh86]

Description

When using bind mounts in Compose long syntax, I think that bind.create_host_path: false should prevent automatic creation of missing host paths.

https://github.com/compose-spec/compose-spec/blob/main/spec.md#short-syntax-5

Note

For bind mounts, short syntax creates a directory at the source path on the host if it doesn't exist. This is for backward compatibility with docker-compose legacy. It can be prevented by using long syntax and setting create_host_path to false.

In my environment (docker compose v5.0.2 from Docker Desktop on WSL2), the missing host directory is still created automatically, and the service starts successfully.

Expected behavior:

• docker compose run should fail if the bind source path does not exist and create_host_path: false is set.

Actual behavior:

• The missing host path is created anyway.
• The container starts.
• The created directory is owned by root:root on host.

This breaks workflows that rely on strict pre-created runtime directories and ownership control.

Steps To Reproduce

1. Create this compose.yml:

services:
  should_fail:
    image: alpine:3.21
    command: ["sh", "-lc", "echo unexpected-success"]
    volumes:
      - type: bind
        source: ./tmp/missing-dir
        target: /mnt/missing
        bind:
          create_host_path: false

2. Run:

$ sudo rm -rf ./tmp
$ docker compose -f compose.yml run --rm should_fail
$ ls -ld ./tmp ./tmp/*

3. Observe:

• should_fail unexpectedly succeeds.
• ./tmp/missing-dir is created.

Compose Version

$ docker compose version
Docker Compose version v5.0.2
$ docker-compose version
Docker Compose version v5.0.2

Docker Environment

Client:
 Version:    29.2.1
 Context:    default
 Debug Mode: false
 Plugins:
  ai: Docker AI Agent - Ask Gordon (Docker Inc.)
    Version:  v1.18.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-ai
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.31.1-desktop.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v5.0.2
    Path:     /usr/local/lib/docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.47
    Path:     /usr/local/lib/docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Docker Inc.)
    Version:  v0.3.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-desktop
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.31
    Path:     /usr/local/lib/docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.4.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-init
  mcp: Docker MCP Plugin (Docker Inc.)
    Version:  v0.39.1
    Path:     /usr/local/lib/docker/cli-plugins/docker-mcp
  model: Docker Model Runner (Docker Inc.)
    Version:  v1.0.8
    Path:     /usr/local/lib/docker/cli-plugins/docker-model
  offload: Docker Offload (Docker Inc.)
    Version:  v0.5.45
    Path:     /usr/local/lib/docker/cli-plugins/docker-offload
  pass: Docker Pass Secrets Manager Plugin (beta) (Docker Inc.)
    Version:  v0.0.24
    Path:     /usr/local/lib/docker/cli-plugins/docker-pass
  sandbox:  (Docker Inc.)
    Version:  v0.12.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-sandbox
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.19.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-scout

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 43
 Server Version: 29.2.1
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Discovered Devices:
  cdi: docker.com/gpu=webgpu
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75
 runc version: v1.3.4-0-gd6d73eb8
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.6.87.2-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 31.08GiB
 Name: docker-desktop
 ID: 036880b9-2847-4f64-b7a6-0c50d3a72f98
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///var/run/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Firewall Backend: iptables

Anything else?

docker compose config keeps create_host_path: false in the rendered config for the affected mount, so the value appears to be parsed but not enforced at runtime.

[Aliexe-code]

@kyoh86 Hi! I'd like to work on this issue. Can I assign myself?

[kyoh86]

@Aliexe-code thanks, sure.

[ndeloof]

I wonder this is related to #13500