aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/cp.go14
-rw-r--r--docs/podman-cp.1.md2
2 files changed, 14 insertions, 2 deletions
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 661d0a530..7205f9357 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
+ "github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
@@ -52,7 +53,7 @@ func init() {
cpCommand.Command = _cpCommand
flags := cpCommand.Flags()
flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.")
- flags.BoolVar(&cpCommand.Pause, "pause", true, "Pause the container while copying")
+ flags.BoolVar(&cpCommand.Pause, "pause", copyPause(), "Pause the container while copying")
cpCommand.SetHelpTemplate(HelpTemplate())
cpCommand.SetUsageTemplate(UsageTemplate())
}
@@ -480,3 +481,14 @@ func pathWithBindMountSource(m specs.Mount, path string) (string, error) {
}
return securejoin.SecureJoin(m.Source, strings.TrimPrefix(path, m.Destination))
}
+
+func copyPause() bool {
+ if !remoteclient && rootless.IsRootless() {
+ cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
+ if !cgroupv2 {
+ logrus.Debugf("defaulting to pause==false on rootless cp in cgroupv1 systems")
+ return false
+ }
+ }
+ return true
+}
diff --git a/docs/podman-cp.1.md b/docs/podman-cp.1.md
index e3d992b55..736bdb12a 100644
--- a/docs/podman-cp.1.md
+++ b/docs/podman-cp.1.md
@@ -65,7 +65,7 @@ Extract the tar file into the destination directory. If the destination director
**--pause**
-Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *false*.
+Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *true*. On rootless containers with cgroups V1, defaults to false.
## ALTERNATIVES