author | Marco Vedovati <mvedovati@suse.com> | 2018-06-15 12:13:19 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-22 14:06:05 +0000 |
commit | bb4db6d54873c05d0654ab848c09c24a76c95a73 (patch) | |
tree | a41d95f6ffe96a5d88bdafb520b32a7083b1f73a | |
parent | 1d9e884232c5f89a896617f056fbfcceba1dea31 (diff) | |
Fix image volumes access and mount problems on restart
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
- Set srcPath permissions so that the container user can R/W it.
- Fix uninitialized spec.Mount when restarting a container.
- Check for srcPath instead of volumePath existence when setting up a
volume mount point for a container.
- Set the overlay volumePath with the same owner and permissions as
srcPath to allow proper access by the container user.
Closes #844
Closes: #951
Approved by: rhatdan
-rw-r--r-- | libpod/container_internal.go | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index bcaa2c6c3..f3be6f73b 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1361,19 +1361,57 @@ func (c *Container) addImageVolumes(ctx context.Context, g *generate.Generator) continue } volumePath := filepath.Join(c.config.StaticDir, "volumes", k) - if _, err := os.Stat(volumePath); os.IsNotExist(err) { + srcPath := filepath.Join(mountPoint, k) + + if _, err := os.Stat(srcPath); os.IsNotExist(err) { + logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k) if err = os.MkdirAll(volumePath, 0755); err != nil { return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID) } + + if c.config.User != "" { + if !c.state.Mounted { + return errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID()) + } + uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, c.config.User) + if err != nil { + return err + } + + if err = os.Chown(volumePath, int(uid), int(gid)); err != nil { + return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", volumePath, k, c.ID) + } + } + } + + if _, err := os.Stat(volumePath); os.IsNotExist(err) { + if err = label.Relabel(volumePath, c.config.MountLabel, false); err != nil { return errors.Wrapf(err, "error relabeling directory %q for volume %q in container %q", volumePath, k, c.ID) } - srcPath := filepath.Join(mountPoint, k) if err = chrootarchive.NewArchiver(nil).CopyWithTar(srcPath, volumePath); err != nil && !os.IsNotExist(err) { return errors.Wrapf(err, "error populating directory %q for volume %q in container %q using contents of %q", volumePath, k, c.ID, srcPath) } - mount.Source = volumePath + + // Set the volume path with the same owner and permission of source path + sstat, _ := os.Stat(srcPath) + st, ok := sstat.Sys().(*syscall.Stat_t) + if !ok { + return fmt.Errorf("could not convert to syscall.Stat_t") + } + uid := int(st.Uid) + gid := int(st.Gid) + + if err := os.Lchown(volumePath, uid, gid); err != nil { + return err + } + if os.Chmod(volumePath, 
sstat.Mode()); err != nil { + return err + } + } + + mount.Source = volumePath g.AddMount(mount) } return nil |
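Review bot: In the owner/permission block added at the end of the hunk, `sstat, _ := os.Stat(srcPath)` discards the error, so a failed stat leaves `sstat` nil and the following `sstat.Sys()` panics. The CopyWithTar call just above tolerates a not-exist error, so a missing srcPath looks reachable at this point. A few lines later, `if os.Chmod(volumePath, sstat.Mode()); err != nil` drops Chmod's return value and tests the `err` left over from CopyWithTar, so a failed chmod passes silently and the volume directory keeps whatever mode it was created with. I would write `sstat, err := os.Stat(srcPath)` followed by an `if err != nil` return that wraps the error like the neighbouring calls, and `if err := os.Chmod(volumePath, sstat.Mode()); err != nil {`. Since srcPath sits under the image's root and the chown uses Lchown, it is also worth confirming whether `os.Lstat` was intended, so that a symlink there is not followed. addImageVolumes starts before this hunk and may continue past it.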