summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAditya Rajan <arajan@redhat.com>2021-10-12 16:43:43 +0530
committerAditya Rajan <arajan@redhat.com>2021-10-19 16:12:07 +0530
commit9500e11a8f1c3380c0a6a8e6ca01df862c6d640c (patch)
tree405f12619fb463a77237d28dd15d8495f468a33a
parente0ffc431fe7f016124fdcb36819698a90fe448a9 (diff)
downloadpodman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.tar.gz
podman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.tar.bz2
podman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.zip
libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
Allow chainging ownership of mountpoint created on top external overlay rootfs to support use-cases when custom --uidmap and --gidmap are specified. Signed-off-by: Aditya Rajan <arajan@redhat.com>
-rw-r--r--libpod/container_internal.go23
-rw-r--r--test/e2e/run_test.go12
2 files changed, 33 insertions, 2 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 4e8074840..bfed94990 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -17,12 +17,14 @@ import (
"github.com/containers/buildah/copier"
"github.com/containers/buildah/pkg/overlay"
butil "github.com/containers/buildah/util"
+ "github.com/containers/common/pkg/chown"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/pkg/cgroups"
"github.com/containers/podman/v3/pkg/ctime"
"github.com/containers/podman/v3/pkg/hooks"
"github.com/containers/podman/v3/pkg/hooks/exec"
+ "github.com/containers/podman/v3/pkg/lookup"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/selinux"
"github.com/containers/podman/v3/pkg/util"
@@ -485,8 +487,12 @@ func (c *Container) setupStorage(ctx context.Context) error {
return errors.Wrapf(err, "error creating container storage")
}
- c.config.IDMappings.UIDMap = containerInfo.UIDMap
- c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ // only reconfig IDMappings if layer was mounted from storage
+ // if its a external overlay do not reset IDmappings
+ if !c.config.RootfsOverlay {
+ c.config.IDMappings.UIDMap = containerInfo.UIDMap
+ c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ }
processLabel, err := c.processLabel(containerInfo.ProcessLabel)
if err != nil {
@@ -1515,6 +1521,19 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
}
mountPoint = overlayMount.Source
+ execUser, err := lookup.GetUserGroupInfo(mountPoint, c.config.User, nil)
+ if err != nil {
+ return "", err
+ }
+ hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+ if err != nil {
+ return "", errors.Wrap(err, "unable to get host UID and host GID")
+ }
+
+ //note: this should not be recursive, if using external rootfs users should be responsible on configuring ownership.
+ if err := chown.ChangeHostPathOwnership(mountPoint, false, int(hostUID), int(hostGID)); err != nil {
+ return "", err
+ }
}
if mountPoint == "" {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f40d4a749..8502879ff 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -259,6 +259,18 @@ var _ = Describe("Podman run", func() {
startsession.WaitWithDefaultTimeout()
Expect(startsession).Should(Exit(0))
Expect(startsession.OutputToString()).To(Equal("hello"))
+
+ // remove container for above test overlay-foo
+ osession = podmanTest.Podman([]string{"rm", "overlay-foo"})
+ osession.WaitWithDefaultTimeout()
+ Expect(osession).Should(Exit(0))
+
+ // Test --rootfs with an external overlay with --uidmap
+ osession = podmanTest.Podman([]string{"run", "--uidmap", "0:1000:1000", "--rm", "--security-opt", "label=disable",
+ "--rootfs", rootfs + ":O", "echo", "hello"})
+ osession.WaitWithDefaultTimeout()
+ Expect(osession).Should(Exit(0))
+ Expect(osession.OutputToString()).To(Equal("hello"))
})
It("podman run a container with --init", func() {