summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorAditya Rajan <arajan@redhat.com>2021-10-12 16:43:43 +0530
committerAditya Rajan <arajan@redhat.com>2021-10-19 16:12:07 +0530
commit9500e11a8f1c3380c0a6a8e6ca01df862c6d640c (patch)
tree405f12619fb463a77237d28dd15d8495f468a33a /libpod
parente0ffc431fe7f016124fdcb36819698a90fe448a9 (diff)
downloadpodman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.tar.gz
podman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.tar.bz2
podman-9500e11a8f1c3380c0a6a8e6ca01df862c6d640c.zip
libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
Allow chainging ownership of mountpoint created on top external overlay rootfs to support use-cases when custom --uidmap and --gidmap are specified. Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal.go23
1 files changed, 21 insertions, 2 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 4e8074840..bfed94990 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -17,12 +17,14 @@ import (
"github.com/containers/buildah/copier"
"github.com/containers/buildah/pkg/overlay"
butil "github.com/containers/buildah/util"
+ "github.com/containers/common/pkg/chown"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/pkg/cgroups"
"github.com/containers/podman/v3/pkg/ctime"
"github.com/containers/podman/v3/pkg/hooks"
"github.com/containers/podman/v3/pkg/hooks/exec"
+ "github.com/containers/podman/v3/pkg/lookup"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/selinux"
"github.com/containers/podman/v3/pkg/util"
@@ -485,8 +487,12 @@ func (c *Container) setupStorage(ctx context.Context) error {
return errors.Wrapf(err, "error creating container storage")
}
- c.config.IDMappings.UIDMap = containerInfo.UIDMap
- c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ // only reconfig IDMappings if layer was mounted from storage
+ // if its a external overlay do not reset IDmappings
+ if !c.config.RootfsOverlay {
+ c.config.IDMappings.UIDMap = containerInfo.UIDMap
+ c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ }
processLabel, err := c.processLabel(containerInfo.ProcessLabel)
if err != nil {
@@ -1515,6 +1521,19 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
}
mountPoint = overlayMount.Source
+ execUser, err := lookup.GetUserGroupInfo(mountPoint, c.config.User, nil)
+ if err != nil {
+ return "", err
+ }
+ hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+ if err != nil {
+ return "", errors.Wrap(err, "unable to get host UID and host GID")
+ }
+
+ //note: this should not be recursive, if using external rootfs users should be responsible on configuring ownership.
+ if err := chown.ChangeHostPathOwnership(mountPoint, false, int(hostUID), int(hostGID)); err != nil {
+ return "", err
+ }
}
if mountPoint == "" {