aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2019-03-14 08:33:53 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-03-15 10:44:44 -0400
commit9d81be961491ac965f6cc9fd96884833c0165334 (patch)
treef107bb824b7f8af5168c33dee8d946f9d16d6d0d
parent37dcc0a305a1606de7c0f5521d11250a4318bb51 (diff)
downloadpodman-9d81be961491ac965f6cc9fd96884833c0165334.tar.gz
podman-9d81be961491ac965f6cc9fd96884833c0165334.tar.bz2
podman-9d81be961491ac965f6cc9fd96884833c0165334.zip
Make sure buildin volumes have the same ownership and permissions as image
When creating a new image volume to be mounted into a container, we need to make sure the new volume matches the Ownership and permissions of the path that it will be mounted on. For example if a volume inside of a containre image is owned by the database UID, we want the volume to be mounted onto the image to be owned by the database UID. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--docs/podman-load.1.md2
-rw-r--r--libpod/container_internal.go4
-rw-r--r--libpod/container_internal_linux.go17
-rw-r--r--libpod/container_internal_unsupported.go4
4 files changed, 26 insertions, 1 deletions
diff --git a/docs/podman-load.1.md b/docs/podman-load.1.md
index 8b6501a5c..5363f3f1e 100644
--- a/docs/podman-load.1.md
+++ b/docs/podman-load.1.md
@@ -4,7 +4,7 @@
podman\-load - Load an image from docker archive
## SYNOPSIS
-**podman load** *name*[:*tag*|@*digest*]
+**podman load** [ARCHIVE]
## DESCRIPTION
**podman load** copies an image from either **docker-archive** or **oci-archive** stored
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 872802016..ac2d65342 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1429,5 +1429,9 @@ func (c *Container) copyWithTarFromImage(src, dest string) error {
}
a := archive.NewDefaultArchiver()
source := filepath.Join(mountpoint, src)
+
+ if err = c.copyOwnerAndPerms(source, dest); err != nil {
+ return err
+ }
return a.CopyWithTar(source, dest)
}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index a7b4aed9f..2a7808bdf 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -982,3 +982,20 @@ func (c *Container) generatePasswd() (string, error) {
}
return passwdFile, nil
}
+
+func (c *Container) copyOwnerAndPerms(source, dest string) error {
+ info, err := os.Stat(source)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return nil
+ }
+ return errors.Wrapf(err, "cannot stat `%s`", dest)
+ }
+ if err := os.Chmod(dest, info.Mode()); err != nil {
+ return errors.Wrapf(err, "cannot chmod `%s`", dest)
+ }
+ if err := os.Chown(dest, int(info.Sys().(*syscall.Stat_t).Uid), int(info.Sys().(*syscall.Stat_t).Gid)); err != nil {
+ return errors.Wrapf(err, "cannot chown `%s`", dest)
+ }
+ return nil
+}
diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go
index 4af0cd56c..f707b350c 100644
--- a/libpod/container_internal_unsupported.go
+++ b/libpod/container_internal_unsupported.go
@@ -35,3 +35,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) error {
return ErrNotImplemented
}
+
+func (c *Container) copyOwnerAndPerms(source, dest string) error {
+ return nil
+}