Merge pull request #12528 from flouthoc/dont_modify_mount_permissions

volume: apply exact permission of target directory without adding extra `0111`

2 files changed, 13 insertions, 1 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 956460c32..f3774a64f 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2784,7 +2784,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 					return err
 				}
 			}
-			if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil {
+			if err := os.Chmod(mountPoint, st.Mode()); err != nil {
 				return err
 			}
 			stat := st.Sys().(*syscall.Stat_t)
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 3d05e0f70..c2817c551 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -762,6 +762,18 @@ USER testuser`, fedoraMinimal)
 
 	})
 
+	It("podman run with named volume check if we honor permission of target dir", func() {
+		session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		perms := session.OutputToString()
+
+		session = podmanTest.Podman([]string{"run", "--rm", "-v", "test:/var/tmp", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(Equal(perms))
+	})
+
 	It("podman volume with uid and gid works", func() {
 		volName := "testVol"
 		volCreate := podmanTest.Podman([]string{"volume", "create", "--opt", "o=uid=1000", volName})