From bf10fac19371f295dab3038b5042483f595c68f3 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 20 Mar 2019 12:03:51 +0100
Subject: volume: create new volumes with right ownership

when we create a new volume we must be sure it is owned by root in the container.

Signed-off-by: Giuseppe Scrivano
---
 libpod/runtime_ctr.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 3b74a65dd..f23dc86dd 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -186,8 +186,11 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 return nil, errors.Wrapf(err, "error creating named volume %q", vol.Source)
 }
 ctr.config.Spec.Mounts[i].Source = newVol.MountPoint()
+ if err := os.Chown(ctr.config.Spec.Mounts[i].Source, ctr.RootUID(), ctr.RootGID()); err != nil {
+ return nil, errors.Wrapf(err, "cannot chown %q to %d:%d", ctr.config.Spec.Mounts[i].Source, ctr.RootUID(), ctr.RootGID())
+ }
 if err := ctr.copyWithTarFromImage(ctr.config.Spec.Mounts[i].Destination, ctr.config.Spec.Mounts[i].Source); err != nil && !os.IsNotExist(err) {
- return nil, errors.Wrapf(err, "Failed to copy content into new volume mount %q", vol.Source)
+ return nil, errors.Wrapf(err, "failed to copy content into new volume mount %q", vol.Source)
 }
 continue
 }
-- 
cgit v1.2.3-54-g00ecf
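Review bot: Both error returns after `newVol.MountPoint()` (the new `os.Chown` failure and the existing copy failure) return without removing the named volume that was just created, at least within this hunk. newContainer's body starts and ends outside the hunk, so a deferred cleanup may exist there. If it does not, a failed chown leaves a volume on disk whose ownership was never adjusted, and a later create with the same name would presumably find it present and skip this branch, leaving it unwritable by the container's root. Consider removing the new volume on these paths, or confirm that existing cleanup covers it. A one-line comment above the chown would also record the intent, e.g. `// a newly created volume must be owned by the container's root user (ctr.RootUID/ctr.RootGID)`.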