diff options
| -rw-r--r-- | cmd/podman/root.go | 2 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 2 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 26 | ||||
| -rw-r--r-- | pkg/bindings/connection.go | 2 | ||||
| -rw-r--r-- | test/e2e/run_working_dir_test.go | 6 |
5 files changed, 25 insertions, 13 deletions
diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 0ee530242..1f613a4c5 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -158,7 +158,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { // Prep the engines if _, err := registry.NewImageEngine(cmd, args); err != nil { - return errors.Wrapf(err, "Cannot connect to the Podman socket, make sure there is a Podman REST API service running.") + return err } if _, err := registry.NewContainerEngine(cmd, args); err != nil { return err diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 49b45f4f8..8c0b12e90 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -714,7 +714,7 @@ Override the OS, defaults to hosts, of the image to be pulled. For example, `win #### **--pid**=*mode* Set the PID namespace mode for the container. -The efault is to create a private PID namespace for the container. +The default is to create a private PID namespace for the container. - **container:**_id_: join another container's PID namespace; - **host**: use the host's PID namespace for the container. Note the host mode gives the container full access to local PID and is therefore considered insecure; diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index a3476f42e..f23a5233c 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -21,6 +21,7 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" + "github.com/containers/buildah/pkg/chrootuser" "github.com/containers/buildah/pkg/overlay" "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/config" @@ -203,10 +204,17 @@ func (c *Container) resolveWorkDir() error { } logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir) - // No need to create it (e.g., `--workdir=/foo`), so let's make sure - // the path exists on the container. + st, err := os.Stat(resolvedWorkdir) + if err == nil { + if !st.IsDir() { + return errors.Errorf("workdir %q exists on container %s, but is not a directory", workdir, c.ID()) + } + return nil + } if !c.config.CreateWorkingDir { - if _, err := os.Stat(resolvedWorkdir); err != nil { + // No need to create it (e.g., `--workdir=/foo`), so let's make sure + // the path exists on the container. + if err != nil { if os.IsNotExist(err) { return errors.Errorf("workdir %q does not exist on container %s", workdir, c.ID()) } @@ -216,11 +224,6 @@ func (c *Container) resolveWorkDir() error { } return nil } - - // Ensure container entrypoint is created (if required). - rootUID := c.RootUID() - rootGID := c.RootGID() - if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil { if os.IsExist(err) { return nil @@ -228,7 +231,12 @@ func (c *Container) resolveWorkDir() error { return errors.Wrapf(err, "error creating container %s workdir", c.ID()) } - if err := os.Chown(resolvedWorkdir, rootUID, rootGID); err != nil { + // Ensure container entrypoint is created (if required). + uid, gid, _, err := chrootuser.GetUser(c.state.Mountpoint, c.User()) + if err != nil { + return errors.Wrapf(err, "error looking up %s inside of the container %s", c.User(), c.ID()) + } + if err := os.Chown(resolvedWorkdir, int(uid), int(gid)); err != nil { return errors.Wrapf(err, "error chowning container %s workdir to container root", c.ID()) } diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index 7b26037eb..6ff072e75 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -124,7 +124,7 @@ func NewConnectionWithIdentity(ctx context.Context, uri string, identity string) ctx = context.WithValue(ctx, clientKey, &connection) if err := pingNewConnection(ctx); err != nil { - return nil, err + return nil, errors.Wrap(err, "cannot connect to the Podman socket, please verify that Podman REST API service is running") } return ctx, nil } diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go index 59538448e..948ed05e7 100644 --- a/test/e2e/run_working_dir_test.go +++ b/test/e2e/run_working_dir_test.go @@ -47,7 +47,7 @@ var _ = Describe("Podman run", func() { It("podman run a container on an image with a workdir", func() { dockerfile := `FROM alpine -RUN mkdir -p /home/foobar +RUN mkdir -p /home/foobar /etc/foobar; chown bin:bin /etc/foobar WORKDIR /etc/foobar` podmanTest.BuildImage(dockerfile, "test", "false") @@ -56,6 +56,10 @@ WORKDIR /etc/foobar` Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("/etc/foobar")) + session = podmanTest.Podman([]string{"run", "test", "ls", "-ld", "."}) + session.WaitWithDefaultTimeout() + Expect(session.LineInOutputContains("bin")).To(BeTrue()) + session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) |