diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-06-24 14:44:28 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-06-29 17:58:50 +0200 |
| commit | b32172e20bbb701e924684ee7ef443748a4f112b (patch) | |
| tree | 01a05f446b5bde43bd174591e909d136576bed50 /libpod/container_internal.go | |
| parent | 688cc0aee3f031661b930811b2d95df1d6c601ac (diff) | |
| download | podman-b32172e20bbb701e924684ee7ef443748a4f112b.tar.gz podman-b32172e20bbb701e924684ee7ef443748a4f112b.tar.bz2 podman-b32172e20bbb701e924684ee7ef443748a4f112b.zip | |
container: move volume chown after spec generation
move the chown for newly created volumes after the spec generation so
the correct UID/GID are known.
Closes: https://github.com/containers/libpod/issues/5698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container_internal.go')
| -rw-r--r-- | libpod/container_internal.go | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 2ae894139..27b795871 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1015,6 +1015,12 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error { return err } + for _, v := range c.config.NamedVolumes { + if err := c.chownVolume(v.Name); err != nil { + return err + } + } + // With the spec complete, do an OCI create if err := c.ociRuntime.CreateContainer(c, nil); err != nil { // Fedora 31 is carrying a patch to display improved error @@ -1508,6 +1514,48 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string) return vol, nil } +// Chown the specified volume if necessary. +func (c *Container) chownVolume(volumeName string) error { + vol, err := c.runtime.state.Volume(volumeName) + if err != nil { + return errors.Wrapf(err, "error retrieving named volume %s for container %s", volumeName, c.ID()) + } + + uid := int(c.config.Spec.Process.User.UID) + gid := int(c.config.Spec.Process.User.GID) + + vol.lock.Lock() + defer vol.lock.Unlock() + + // The volume may need a copy-up. Check the state. + if err := vol.update(); err != nil { + return err + } + + if vol.state.NeedsChown { + vol.state.NeedsChown = false + vol.state.UIDChowned = uid + vol.state.GIDChowned = gid + + if err := vol.save(); err != nil { + return err + } + err := filepath.Walk(vol.MountPoint(), func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if err := os.Chown(path, uid, gid); err != nil { + return err + } + return nil + }) + if err != nil { + return err + } + } + return nil +} + // cleanupStorage unmounts and cleans up the container's root filesystem func (c *Container) cleanupStorage() error { if !c.state.Mounted { |