author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-06-24 14:44:28 +0200 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2020-07-06 13:31:21 -0400 |
commit | eb85f429073d7dca0d2d01a1afe5a972ca9b429b (patch) | |
tree | 3d13a945d2dced49b1c06147873d3e23a8ab0432 /libpod/container_internal.go | |
parent | f5b368400c1b7a1b1bdbb90f6a0d9fcbbd6802d0 (diff) | |
container: move volume chown after spec generation
move the chown for newly created volumes after the spec generation so
the correct UID/GID are known.
Closes: https://github.com/containers/libpod/issues/5698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r-- | libpod/container_internal.go | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e86512569..7a547e565 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1015,6 +1015,12 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
 return err
 }
 
+ for _, v := range c.config.NamedVolumes {
+ if err := c.chownVolume(v.Name); err != nil {
+ return err
+ }
+ }
+
 // With the spec complete, do an OCI create
 if err := c.ociRuntime.CreateContainer(c, nil); err != nil {
 // Fedora 31 is carrying a patch to display improved error
@@ -1508,6 +1514,48 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 return vol, nil
 }
 
+// Chown the specified volume if necessary.
+func (c *Container) chownVolume(volumeName string) error {
+ vol, err := c.runtime.state.Volume(volumeName)
+ if err != nil {
+ return errors.Wrapf(err, "error retrieving named volume %s for container %s", volumeName, c.ID())
+ }
+
+ uid := int(c.config.Spec.Process.User.UID)
+ gid := int(c.config.Spec.Process.User.GID)
+
+ vol.lock.Lock()
+ defer vol.lock.Unlock()
+
+ // The volume may need a copy-up. Check the state.
+ if err := vol.update(); err != nil {
+ return err
+ }
+
+ if vol.state.NeedsChown {
+ vol.state.NeedsChown = false
+ vol.state.UIDChowned = uid
+ vol.state.GIDChowned = gid
+
+ if err := vol.save(); err != nil {
+ return err
+ }
+ err := filepath.Walk(vol.MountPoint(), func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+ if err := os.Chown(path, uid, gid); err != nil {
+ return err
+ }
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
 // cleanupStorage unmounts and cleans up the container's root filesystem
 func (c *Container) cleanupStorage() error {
 if !c.state.Mounted { |
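Review bot: The walk callback in chownVolume calls `os.Chown(path, uid, gid)`, which follows symbolic links, so a symlink inside the volume (for example one that arrived through copy-up from an image) would have its target re-owned, and that target may lie outside the volume's mount point. `filepath.Walk` does not descend through symlinks, so changing the call to `if err := os.Lchown(path, uid, gid); err != nil {` keeps the ownership change confined to entries inside the volume. Separately, `NeedsChown` is cleared and saved before the walk runs, so a walk that fails partway leaves the volume recorded as chowned; saving the state only after the walk succeeds would let a later init retry. The uid and gid are read straight from `Spec.Process.User`; if the container uses ID mappings they may need translating to host IDs, which cannot be confirmed from this hunk.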