summaryrefslogtreecommitdiff
path: root/libpod/container_internal.go
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-10-16 13:25:27 -0400
committerGitHub <noreply@github.com>2018-10-16 13:25:27 -0400
commit81e63ac309e8bde6603faf07a98a7963e9397188 (patch)
treee2b174bc848a57bc9107e84657be3ad0e54346d0 /libpod/container_internal.go
parent2bc9a3c4bbaade50264b1dbf348d1521cdd8d8b5 (diff)
parent6dd6ce1ebcdb17023f09fad93698d09408227385 (diff)
downloadpodman-81e63ac309e8bde6603faf07a98a7963e9397188.tar.gz
podman-81e63ac309e8bde6603faf07a98a7963e9397188.tar.bz2
podman-81e63ac309e8bde6603faf07a98a7963e9397188.zip
Merge pull request #1609 from giuseppe/fix-volume-rootless
volume: resolve symlink paths in volumes
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r--libpod/container_internal.go27
1 files changed, 19 insertions, 8 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 447aa1d8b..40159194f 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -13,6 +13,7 @@ import (
"strings"
"syscall"
+ "github.com/containers/buildah/imagebuildah"
"github.com/containers/libpod/pkg/chrootuser"
"github.com/containers/libpod/pkg/hooks"
"github.com/containers/libpod/pkg/hooks/exec"
@@ -1193,8 +1194,6 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
continue
}
volumePath := filepath.Join(c.config.StaticDir, "volumes", k)
- srcPath := filepath.Join(mountPoint, k)
-
var (
uid uint32
gid uint32
@@ -1209,31 +1208,43 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
}
}
+ // Ensure the symlinks are resolved
+ resolvedSymlink, err := imagebuildah.ResolveSymLink(mountPoint, k)
+ if err != nil {
+ return errors.Wrapf(ErrCtrStateInvalid, "cannot resolve %s in %s for container %s", k, mountPoint, c.ID())
+ }
+ var srcPath string
+ if resolvedSymlink != "" {
+ srcPath = filepath.Join(mountPoint, resolvedSymlink)
+ } else {
+ srcPath = filepath.Join(mountPoint, k)
+ }
+
if _, err := os.Stat(srcPath); os.IsNotExist(err) {
logrus.Infof("Volume image mount point %s does not exist in root FS, need to create it", k)
if err = os.MkdirAll(srcPath, 0755); err != nil {
- return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID)
+ return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID())
}
if err = os.Chown(srcPath, int(uid), int(gid)); err != nil {
- return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", srcPath, k, c.ID)
+ return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", srcPath, k, c.ID())
}
}
if _, err := os.Stat(volumePath); os.IsNotExist(err) {
if err = os.MkdirAll(volumePath, 0755); err != nil {
- return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID)
+ return errors.Wrapf(err, "error creating directory %q for volume %q in container %q", volumePath, k, c.ID())
}
if err = os.Chown(volumePath, int(uid), int(gid)); err != nil {
- return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", volumePath, k, c.ID)
+ return errors.Wrapf(err, "error chowning directory %q for volume %q in container %q", volumePath, k, c.ID())
}
if err = label.Relabel(volumePath, c.config.MountLabel, false); err != nil {
- return errors.Wrapf(err, "error relabeling directory %q for volume %q in container %q", volumePath, k, c.ID)
+ return errors.Wrapf(err, "error relabeling directory %q for volume %q in container %q", volumePath, k, c.ID())
}
if err = chrootarchive.NewArchiver(nil).CopyWithTar(srcPath, volumePath); err != nil && !os.IsNotExist(err) {
- return errors.Wrapf(err, "error populating directory %q for volume %q in container %q using contents of %q", volumePath, k, c.ID, srcPath)
+ return errors.Wrapf(err, "error populating directory %q for volume %q in container %q using contents of %q", volumePath, k, c.ID(), srcPath)
}
// Set the volume path with the same owner and permission of source path