aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAditya Rajan <arajan@redhat.com>2021-12-07 15:08:52 +0530
committerAditya Rajan <arajan@redhat.com>2021-12-07 15:42:12 +0530
commit7d0fd175f1bcb6bb2bb9ccb83426f35c001599b2 (patch)
tree894155d3477fafea07f84697bc8d69f661b7e8d3
parent7d290b3f6245d2bc68e3cb689c5b3252561ae566 (diff)
downloadpodman-7d0fd175f1bcb6bb2bb9ccb83426f35c001599b2.tar.gz
podman-7d0fd175f1bcb6bb2bb9ccb83426f35c001599b2.tar.bz2
podman-7d0fd175f1bcb6bb2bb9ccb83426f35c001599b2.zip
volume: apply exact permission of target directory without adding extra 0111
While trying to match permissions of target directory podman adds extra `0111` which should not be needed if target path does not have execute permission. Signed-off-by: Aditya Rajan <arajan@redhat.com>
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--test/e2e/run_volume_test.go12
2 files changed, 13 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 956460c32..f3774a64f 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2784,7 +2784,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
return err
}
}
- if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil {
+ if err := os.Chmod(mountPoint, st.Mode()); err != nil {
return err
}
stat := st.Sys().(*syscall.Stat_t)
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 3d05e0f70..c2817c551 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -762,6 +762,18 @@ USER testuser`, fedoraMinimal)
})
+ It("podman run with named volume check if we honor permission of target dir", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ perms := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"run", "--rm", "-v", "test:/var/tmp", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(Equal(perms))
+ })
+
It("podman volume with uid and gid works", func() {
volName := "testVol"
volCreate := podmanTest.Podman([]string{"volume", "create", "--opt", "o=uid=1000", volName})