fix: uid/gid for volume mounted to existing dir

If mounting to existing directory the uid/gid should be preserved.
Primary uid/gid of container shouldn't be used.

Signed-off-by: Matej Vasek <mvasek@redhat.com>

2 files changed, 19 insertions, 0 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 850af235f..b69ad4105 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2490,6 +2490,11 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 		// https://github.com/containers/podman/issues/10188
 		st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
 		if err == nil {
+			if stat, ok := st.Sys().(*syscall.Stat_t); ok {
+				if err := os.Lchown(mountPoint, int(stat.Uid), int(stat.Gid)); err != nil {
+					return err
+				}
+			}
 			if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil {
 				return err
 			}
diff --git a/test/python/docker/compat/test_containers.py b/test/python/docker/compat/test_containers.py
index 511ab1451..38ac5b59f 100644
--- a/test/python/docker/compat/test_containers.py
+++ b/test/python/docker/compat/test_containers.py
@@ -7,6 +7,7 @@ from typing import IO, Optional
 
 from docker import DockerClient, errors
 from docker.models.containers import Container
+from docker.models.images import Image
 
 from test.python.docker import Podman
 from test.python.docker.compat import common, constant
@@ -237,3 +238,16 @@ class TestContainers(unittest.TestCase):
             if ctr is not None:
                 ctr.stop()
                 ctr.remove()
+
+    def test_mount_preexisting_dir(self):
+        dockerfile = (B'FROM quay.io/libpod/alpine:latest\n'
+                      B'USER root\n'
+                      B'RUN mkdir -p /workspace\n'
+                      B'RUN chown 1042:1043 /workspace')
+        img: Image
+        img, out = self.client.images.build(fileobj=io.BytesIO(dockerfile))
+        ctr: Container = self.client.containers.create(image=img.id, detach=True, command="top",
+                                                       volumes=["test_mount_preexisting_dir_vol:/workspace"])
+        ctr.start()
+        ret, out = ctr.exec_run(["stat", "-c", "%u:%g", "/workspace"])
+        self.assertTrue(out.startswith(b'1042:1043'), "assert correct uid/gid")