authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-03-25 03:09:25 -0700
committerGitHub <noreply@github.com>2021-03-25 03:09:25 -0700
commit896ea085b1524750ce5ac4599dc3e2fd2972048c (patch)
tree7588deece106c66651e6b99676f2ef8249536a6b
parent95ef8a6f0398e8c62f9d1281638ec95823336c6a (diff)
parent452decf8a4e02c35413eb8dd691f2d4827972ec2 (diff)
Merge pull request #9768 from mheon/fix_9608
Ensure manually-created volumes have correct ownership
-rw-r--r--libpod/options.go13
-rw-r--r--libpod/runtime_ctr.go2
-rw-r--r--libpod/volume_internal.go1
-rw-r--r--test/e2e/run_volume_test.go26
4 files changed, 28 insertions, 14 deletions
diff --git a/libpod/options.go b/libpod/options.go
index 2d64abcdf..24e9d74f4 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1618,19 +1618,6 @@ func WithVolumeGID(gid int) VolumeCreateOption {
}
}
-// WithVolumeNeedsChown sets the NeedsChown flag for the volume.
-func WithVolumeNeedsChown() VolumeCreateOption {
- return func(volume *Volume) error {
- if volume.valid {
- return define.ErrVolumeFinalized
- }
-
- volume.state.NeedsChown = true
-
- return nil
- }
-}
-
// withSetAnon sets a bool notifying libpod that this volume is anonymous and
// should be removed when containers using it are removed and volumes are
// specified for removal.
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 19690d79b..537618b65 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -392,7 +392,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
logrus.Debugf("Creating new volume %s for container", vol.Name)
// The volume does not exist, so we need to create it.
- volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID()), WithVolumeNeedsChown()}
+ volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID())}
if isAnonymous {
volOptions = append(volOptions, withSetAnon())
}
diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go
index c1dbe00fd..694cdd149 100644
--- a/libpod/volume_internal.go
+++ b/libpod/volume_internal.go
@@ -17,6 +17,7 @@ func newVolume(runtime *Runtime) *Volume {
volume.config.Labels = make(map[string]string)
volume.config.Options = make(map[string]string)
volume.state.NeedsCopyUp = true
+ volume.state.NeedsChown = true
return volume
}
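Review bot: The new default `volume.state.NeedsChown = true` in newVolume carries no comment, and the only text that documented the flag (the doc comment on WithVolumeNeedsChown in libpod/options.go) is deleted by this same commit. I would add above the assignment: `// Volumes start out needing a chown so that ones made with "podman volume create" also get the right ownership on first use.` Because newVolume looks like the common constructor, every volume now starts with the flag set, not only those created in setupContainer. If some volume kinds (for example ones backed by an existing host path or by a plugin) must never have their ownership changed, that exemption is not visible here and is worth confirming before relying on this default. The body of newVolume starts above this hunk.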
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 454dfdc83..85a4d6d52 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -643,4 +643,30 @@ VOLUME /test/`
found, _ = session.GrepString("888:888")
Expect(found).Should(BeTrue())
})
+
+ It("volume permissions after run", func() {
+ imgName := "testimg"
+ dockerfile := `FROM fedora-minimal
+RUN useradd -m testuser -u 1005
+USER testuser`
+ podmanTest.BuildImage(dockerfile, imgName, "false")
+
+ testString := "testuser testuser"
+
+ test1 := podmanTest.Podman([]string{"run", "-v", "testvol1:/test", imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(test1.OutputToString(), testString)).To(BeTrue())
+
+ volName := "testvol2"
+ vol := podmanTest.Podman([]string{"volume", "create", volName})
+ vol.WaitWithDefaultTimeout()
+ Expect(vol.ExitCode()).To(Equal(0))
+
+ test2 := podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:/test", volName), imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"})
+ test2.WaitWithDefaultTimeout()
+ Expect(test2.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(test2.OutputToString(), testString)).To(BeTrue())
+
+ })
})
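Review bot: The ownership check in the new "volume permissions after run" test is indirect: `ls -al /test | grep -v root | grep -v total` followed by `strings.Contains(..., testString)` passes if any remaining listing line mentions `testuser testuser`, not specifically the mount point. Asking for the owner of the directory itself makes the assertion exact, e.g. run `stat -c "%U %G" /test` in both containers and assert `Expect(test1.OutputToString()).To(Equal(testString))` (same for test2). The test also covers only the first use of each volume; whether ownership stays put when a later container with a different user mounts `testvol2` is not exercised here, and the code that clears NeedsChown is outside this diff, so a third run asserting the owner is unchanged would be a useful guard against unintended re-chowning.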