diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2019-03-14 08:33:53 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-03-15 10:44:44 -0400 |
| commit | 9d81be961491ac965f6cc9fd96884833c0165334 (patch) | |
| tree | f107bb824b7f8af5168c33dee8d946f9d16d6d0d /libpod | |
| parent | 37dcc0a305a1606de7c0f5521d11250a4318bb51 (diff) | |
| download | podman-9d81be961491ac965f6cc9fd96884833c0165334.tar.gz podman-9d81be961491ac965f6cc9fd96884833c0165334.tar.bz2 podman-9d81be961491ac965f6cc9fd96884833c0165334.zip | |
Make sure buildin volumes have the same ownership and permissions as image
When creating a new image volume to be mounted into a container, we need to
make sure the new volume matches the Ownership and permissions of the path
that it will be mounted on.
For example if a volume inside of a containre image is owned by the database
UID, we want the volume to be mounted onto the image to be owned by the
database UID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 4 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 17 | ||||
| -rw-r--r-- | libpod/container_internal_unsupported.go | 4 |
3 files changed, 25 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 872802016..ac2d65342 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1429,5 +1429,9 @@ func (c *Container) copyWithTarFromImage(src, dest string) error { } a := archive.NewDefaultArchiver() source := filepath.Join(mountpoint, src) + + if err = c.copyOwnerAndPerms(source, dest); err != nil { + return err + } return a.CopyWithTar(source, dest) } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index a7b4aed9f..2a7808bdf 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -982,3 +982,20 @@ func (c *Container) generatePasswd() (string, error) { } return passwdFile, nil } + +func (c *Container) copyOwnerAndPerms(source, dest string) error { + info, err := os.Stat(source) + if err != nil { + if os.IsNotExist(err) { + return nil + } + return errors.Wrapf(err, "cannot stat `%s`", dest) + } + if err := os.Chmod(dest, info.Mode()); err != nil { + return errors.Wrapf(err, "cannot chmod `%s`", dest) + } + if err := os.Chown(dest, int(info.Sys().(*syscall.Stat_t).Uid), int(info.Sys().(*syscall.Stat_t).Gid)); err != nil { + return errors.Wrapf(err, "cannot chown `%s`", dest) + } + return nil +} diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go index 4af0cd56c..f707b350c 100644 --- a/libpod/container_internal_unsupported.go +++ b/libpod/container_internal_unsupported.go @@ -35,3 +35,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) error { return ErrNotImplemented } + +func (c *Container) copyOwnerAndPerms(source, dest string) error { + return nil +} |