diff --git a/demos/embedded_mode/Makefile b/demos/embedded_mode/Makefile
index 98a23d02..eebf5265 100644
--- a/demos/embedded_mode/Makefile
+++ b/demos/embedded_mode/Makefile
@@ -18,8 +18,8 @@ build_src:
 
 TOTAL_BYTES := 10000000000 # 10GB
 test:
-	cd occlum_instance && LD_LIBRARY_PATH=../bench_driver/build:$(SGX_SDK)/sdk_libs RUST_BACKTRACE=1 \
-		../bench_driver/build/bench_driver $(TOTAL_BYTES)
+	LD_LIBRARY_PATH=bench_driver/build:$(SGX_SDK)/sdk_libs RUST_BACKTRACE=1 \
+		bench_driver/build/bench_driver $(TOTAL_BYTES)
 
 clean:
 	@$(MAKE) --no-print-directory -C trusted_memcpy_bench clean
diff --git a/demos/embedded_mode/bench_driver/main.c b/demos/embedded_mode/bench_driver/main.c
index 102b3c3d..b6e02626 100644
--- a/demos/embedded_mode/bench_driver/main.c
+++ b/demos/embedded_mode/bench_driver/main.c
@@ -44,6 +44,8 @@ int main(int argc, char *argv[]) {
 
     // Init Occlum PAL
     occlum_pal_attr_t pal_attr = OCCLUM_PAL_ATTR_INITVAL;
+    pal_attr.instance_dir = "occlum_instance";
+    pal_attr.log_level = "off";
     if (occlum_pal_init(&pal_attr) < 0) {
         return EXIT_FAILURE;
     }
diff --git a/src/libos/src/config.rs b/src/libos/src/config.rs
index 0dd92a33..5b32f1ee 100644
--- a/src/libos/src/config.rs
+++ b/src/libos/src/config.rs
@@ -1,4 +1,5 @@
 use super::*;
+use crate::std::untrusted::path::PathEx;
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::ffi::CString;
@@ -217,6 +218,12 @@ impl ConfigMount {
             target
         };
         let source = input.source.as_ref().map(|s| PathBuf::from(s));
+        let source = if source.is_none() {
+            None
+        } else {
+            let path = unsafe { PathBuf::from(&INSTANCE_DIR) };
+            path.join(source.unwrap()).canonicalize().ok()
+        };
         let options = ConfigMountOptions::from_input(&input.options)?;
         Ok(ConfigMount {
             type_,
diff --git a/src/pal/src/pal_api.c b/src/pal/src/pal_api.c
index faf992ad..d10ea308 100644
--- a/src/pal/src/pal_api.c
+++ b/src/pal/src/pal_api.c
@@ -8,6 +8,7 @@
 #include "pal_syscall.h"
 #include "pal_thread_counter.h"
 #include "errno2str.h"
+#include <linux/limits.h>
 
 int occlum_pal_get_version(void) {
     return OCCLUM_PAL_VERSION;
@@ -23,6 +24,12 @@ int occlum_pal_init(const struct occlum_pal_attr *attr) {
         return -1;
     }
 
+    char resolved_path[PATH_MAX] = {0};
+    if (realpath(attr->instance_dir, resolved_path) == NULL) {
+        PAL_ERROR("realpath returns %s", errno2str(errno));
+        return -1;
+    }
+
     sgx_enclave_id_t eid = pal_get_enclave_id();
     if (eid != SGX_INVALID_ENCLAVE_ID) {
         PAL_ERROR("Enclave has been initialized.");
@@ -36,14 +43,14 @@ int occlum_pal_init(const struct occlum_pal_attr *attr) {
     }
 #endif
 
-    if (pal_init_enclave(attr->instance_dir) < 0) {
+    if (pal_init_enclave(resolved_path) < 0) {
         return -1;
     }
     eid = pal_get_enclave_id();
 
     int ecall_ret = 0;
     sgx_status_t ecall_status = occlum_ecall_init(eid, &ecall_ret, attr->log_level,
-                                attr->instance_dir);
+                                resolved_path);
     if (ecall_status != SGX_SUCCESS) {
         const char *sgx_err = pal_get_sgx_error_msg(ecall_status);
         PAL_ERROR("Failed to do ECall: %s", sgx_err);