diff options
| author | Matthew Heon <mheon@redhat.com> | 2021-03-19 14:55:08 -0400 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2021-03-24 14:24:47 -0400 |
| commit | 452decf8a4e02c35413eb8dd691f2d4827972ec2 (patch) | |
| tree | a87efe4e2cc06d6ac6ba441ddf540c0af99c7d11 /test/e2e/run_volume_test.go | |
| parent | 5325957d536be3515fb7a782e4755afca38fca4c (diff) | |
| download | podman-452decf8a4e02c35413eb8dd691f2d4827972ec2.tar.gz podman-452decf8a4e02c35413eb8dd691f2d4827972ec2.tar.bz2 podman-452decf8a4e02c35413eb8dd691f2d4827972ec2.zip | |
Ensure manually-created volumes have correct ownership
As part of a fix for an earlier bug (#5698) we added the ability
for Podman to chown volumes to correctly match the user running
in the container, even in adverse circumstances (where we don't
know the right UID/GID until very late in the process). However,
we only did this for volumes created automatically by a
`podman run` or `podman create`. Volumes made by
`podman volume create` do not get this chown, so their
permissions may not be correct. I've looked, and I don't think
there's a good reason not to do this chwon for all volumes the
first time the container is started.
I would prefer to do this as part of volume copy-up, but I don't
think that's really possible (copy-up happens earlier in the
process and we don't have a spec). There is a small chance, as
things stand, that a copy-up happens for one container and then
a chown for a second, unrelated container, but the odds of this
are astronomically small (we'd need a very close race between two
starting containers).
Fixes #9608
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'test/e2e/run_volume_test.go')
| -rw-r--r-- | test/e2e/run_volume_test.go | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 454dfdc83..85a4d6d52 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -643,4 +643,30 @@ VOLUME /test/` found, _ = session.GrepString("888:888") Expect(found).Should(BeTrue()) }) + + It("volume permissions after run", func() { + imgName := "testimg" + dockerfile := `FROM fedora-minimal +RUN useradd -m testuser -u 1005 +USER testuser` + podmanTest.BuildImage(dockerfile, imgName, "false") + + testString := "testuser testuser" + + test1 := podmanTest.Podman([]string{"run", "-v", "testvol1:/test", imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(Equal(0)) + Expect(strings.Contains(test1.OutputToString(), testString)).To(BeTrue()) + + volName := "testvol2" + vol := podmanTest.Podman([]string{"volume", "create", volName}) + vol.WaitWithDefaultTimeout() + Expect(vol.ExitCode()).To(Equal(0)) + + test2 := podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:/test", volName), imgName, "bash", "-c", "ls -al /test | grep -v root | grep -v total"}) + test2.WaitWithDefaultTimeout() + Expect(test2.ExitCode()).To(Equal(0)) + Expect(strings.Contains(test2.OutputToString(), testString)).To(BeTrue()) + + }) }) |