summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorEduardo Vega <edvegavalerio@gmail.com>2021-01-05 19:50:58 -0600
committerEduardo Vega <edvegavalerio@gmail.com>2021-02-22 22:55:19 -0600
commit874f2327e6ca963edda7cc46819d51048d3d19a8 (patch)
tree2b138dda345970e5898593162c38e10d4909fabd /libpod
parent96fc9d983e0fc5bae48c3cec3acce86cdb6e1059 (diff)
downloadpodman-874f2327e6ca963edda7cc46819d51048d3d19a8.tar.gz
podman-874f2327e6ca963edda7cc46819d51048d3d19a8.tar.bz2
podman-874f2327e6ca963edda7cc46819d51048d3d19a8.zip
Add U volume flag to chown source volumes
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container.go2
-rw-r--r--libpod/container_internal_linux.go36
-rw-r--r--libpod/options.go5
3 files changed, 39 insertions, 4 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 9841bddf7..ee6e243ac 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -236,6 +236,8 @@ type ContainerOverlayVolume struct {
Dest string `json:"dest"`
// Source specifies the source path of the mount.
Source string `json:"source,omitempty"`
+ // Options holds overlay volume options.
+ Options []string `json:"options,omitempty"`
}
// ContainerImageVolume is a volume based on a container image. The container
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 43a345ea9..9c3e91a97 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -23,7 +23,9 @@ import (
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/chrootuser"
"github.com/containers/buildah/pkg/overlay"
+ butil "github.com/containers/buildah/util"
"github.com/containers/common/pkg/apparmor"
+ "github.com/containers/common/pkg/chown"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/subscriptions"
"github.com/containers/common/pkg/umask"
@@ -356,13 +358,28 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
return nil, err
}
- // Check if the spec file mounts contain the label Relabel flags z or Z.
- // If they do, relabel the source directory and then remove the option.
+ // Get host UID and GID based on the container process UID and GID.
+ hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+ if err != nil {
+ return nil, err
+ }
+
+ // Check if the spec file mounts contain the options z, Z or U.
+ // If they have z or Z, relabel the source directory and then remove the option.
+ // If they have U, chown the source directory and them remove the option.
for i := range g.Config.Mounts {
m := &g.Config.Mounts[i]
var options []string
for _, o := range m.Options {
switch o {
+ case "U":
+ if m.Type == "tmpfs" {
+ options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...)
+ } else {
+ if err := chown.ChangeHostPathOwnership(m.Source, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+ }
case "z":
fallthrough
case "Z":
@@ -427,6 +444,21 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if err != nil {
return nil, errors.Wrapf(err, "mounting overlay failed %q", overlayVol.Source)
}
+
+ // Check overlay volume options
+ for _, o := range overlayVol.Options {
+ switch o {
+ case "U":
+ if err := chown.ChangeHostPathOwnership(overlayVol.Source, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+
+ if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+ }
+ }
+
g.AddMount(overlayMount)
}
diff --git a/libpod/options.go b/libpod/options.go
index 627ea8c57..6344e1acc 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1429,8 +1429,9 @@ func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption {
for _, vol := range volumes {
ctr.config.OverlayVolumes = append(ctr.config.OverlayVolumes, &ContainerOverlayVolume{
- Dest: vol.Dest,
- Source: vol.Source,
+ Dest: vol.Dest,
+ Source: vol.Source,
+ Options: vol.Options,
})
}