summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarco Vedovati <mvedovati@suse.com>2018-06-15 12:13:19 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-22 14:06:05 +0000
commitbb4db6d54873c05d0654ab848c09c24a76c95a73 (patch)
treea41d95f6ffe96a5d88bdafb520b32a7083b1f73a
parent1d9e884232c5f89a896617f056fbfcceba1dea31 (diff)
downloadpodman-bb4db6d54873c05d0654ab848c09c24a76c95a73.tar.gz
podman-bb4db6d54873c05d0654ab848c09c24a76c95a73.tar.bz2
podman-bb4db6d54873c05d0654ab848c09c24a76c95a73.zip
Fix image volumes access and mount problems on restart
Signed-off-by: Marco Vedovati <mvedovati@suse.com> - Set srcPath permissions so that the container user can R/W it. - Fix uninitialized spec.Mount when restarting a container. - Check for srcPath instead of volumePath existence when setting up a volume mount point for a container. - Set the overlay volumePath with the same owner and permissions as srcPath to allow proper access by the container user. Closes #844 Closes: #951 Approved by: rhatdan
-rw-r--r--libpod/container_internal.go44
1 files changed, 41 insertions, 3 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index bcaa2c6c3..f3be6f73b 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1361,19 +1361,57 @@ func (c *Container) addImageVolumes(ctx context.Context, g *generate.Generator)
continue
}
volumePath := filepath.Join(c.config.StaticDir, "volumes", k)
- if _, err := os.Stat(volumePath); os.IsNotExist(err) {
+ srcPath := filepath.Join(mountPoint, k)
+
+ if _, err := os.Stat(srcPath); os.IsNotExist(err) {
+ logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k)
if err = os.MkdirAll(volumePath, 0755); err != nil {
return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID)
}
+
+ if c.config.User != "" {
+ if !c.state.Mounted {
+ return errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID())
+ }
+ uid, gid, err := chrootuser.GetUser(c.state.Mountpoint, c.config.User)
+ if err != nil {
+ return err
+ }
+
+ if err = os.Chown(volumePath, int(uid), int(gid)); err != nil {
+ return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", volumePath, k, c.ID)
+ }
+ }
+ }
+
+ if _, err := os.Stat(volumePath); os.IsNotExist(err) {
+
if err = label.Relabel(volumePath, c.config.MountLabel, false); err != nil {
return errors.Wrapf(err, "error relabeling directory %q for volume %q in container %q", volumePath, k, c.ID)
}
- srcPath := filepath.Join(mountPoint, k)
if err = chrootarchive.NewArchiver(nil).CopyWithTar(srcPath, volumePath); err != nil && !os.IsNotExist(err) {
return errors.Wrapf(err, "error populating directory %q for volume %q in container %q using contents of %q", volumePath, k, c.ID, srcPath)
}
- mount.Source = volumePath
+
+ // Set the volume path with the same owner and permission of source path
+ sstat, _ := os.Stat(srcPath)
+ st, ok := sstat.Sys().(*syscall.Stat_t)
+ if !ok {
+ return fmt.Errorf("could not convert to syscall.Stat_t")
+ }
+ uid := int(st.Uid)
+ gid := int(st.Gid)
+
+ if err := os.Lchown(volumePath, uid, gid); err != nil {
+ return err
+ }
+ if os.Chmod(volumePath, sstat.Mode()); err != nil {
+ return err
+ }
+
}
+
+ mount.Source = volumePath
g.AddMount(mount)
}
return nil