diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-06-15 16:13:13 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-15 16:13:13 -0400 |
commit | e405f1205378ab35d4e37eed3b94a683c26bb818 (patch) | |
tree | b554e084291141a46804d861fc68a4d906959ac9 /libpod/container_internal.go | |
parent | b422a4eb49182f6b90dae9ed041546cc46cc59db (diff) | |
parent | 81eb71fe36db14f82452b0ded176095b63cb4a4e (diff) | |
download | podman-e405f1205378ab35d4e37eed3b94a683c26bb818.tar.gz podman-e405f1205378ab35d4e37eed3b94a683c26bb818.tar.bz2 podman-e405f1205378ab35d4e37eed3b94a683c26bb818.zip |
Merge pull request #10531 from rhatdan/volume
Fix permissions on initially created named volumes
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r-- | libpod/container_internal.go | 60 |
1 files changed, 1 insertions, 59 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 3e4eea003..545b78976 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1062,7 +1062,7 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error { } for _, v := range c.config.NamedVolumes { - if err := c.chownVolume(v.Name); err != nil { + if err := c.fixVolumePermissions(v); err != nil { return err } } @@ -1681,64 +1681,6 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string) return vol, nil } -// Chown the specified volume if necessary. -func (c *Container) chownVolume(volumeName string) error { - vol, err := c.runtime.state.Volume(volumeName) - if err != nil { - return errors.Wrapf(err, "error retrieving named volume %s for container %s", volumeName, c.ID()) - } - - vol.lock.Lock() - defer vol.lock.Unlock() - - // The volume may need a copy-up. Check the state. - if err := vol.update(); err != nil { - return err - } - - // TODO: For now, I've disabled chowning volumes owned by non-Podman - // drivers. This may be safe, but it's really going to be a case-by-case - // thing, I think - safest to leave disabled now and re-enable later if - // there is a demand. - if vol.state.NeedsChown && !vol.UsesVolumeDriver() { - vol.state.NeedsChown = false - - uid := int(c.config.Spec.Process.User.UID) - gid := int(c.config.Spec.Process.User.GID) - - if c.config.IDMappings.UIDMap != nil { - p := idtools.IDPair{ - UID: uid, - GID: gid, - } - mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap) - newPair, err := mappings.ToHost(p) - if err != nil { - return errors.Wrapf(err, "error mapping user %d:%d", uid, gid) - } - uid = newPair.UID - gid = newPair.GID - } - - vol.state.UIDChowned = uid - vol.state.GIDChowned = gid - - if err := vol.save(); err != nil { - return err - } - - mountPoint, err := vol.MountPoint() - if err != nil { - return err - } - - if err := os.Lchown(mountPoint, uid, gid); err != nil { - return err - } - } - return nil -} - // cleanupStorage unmounts and cleans up the container's root filesystem func (c *Container) cleanupStorage() error { if !c.state.Mounted { |