From db9caa74b79482b362aab180054e69a08c10d3cd Mon Sep 17 00:00:00 2001 From: Aditya Rajan Date: Tue, 7 Dec 2021 15:08:52 +0530 Subject: volume: apply exact permission of target directory without adding extra 0111 While trying to match permissions of target directory podman adds extra `0111` which should not be needed if target path does not have execute permission. Signed-off-by: Aditya Rajan --- libpod/container_internal_linux.go | 2 +- test/e2e/run_volume_test.go | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 8bd433427..eb05ca423 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2678,7 +2678,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error { return err } } - if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil { + if err := os.Chmod(mountPoint, st.Mode()); err != nil { return err } stat := st.Sys().(*syscall.Stat_t) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 59937b6c0..eca43680b 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -691,6 +691,18 @@ USER testuser`, fedoraMinimal) }) + It("podman run with named volume check if we honor permission of target dir", func() { + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + perms := session.OutputToString() + + session = podmanTest.Podman([]string{"run", "--rm", "-v", "test:/var/tmp", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal(perms)) + }) + It("podman volume with uid and gid works", func() { volName := "testVol" volCreate := podmanTest.Podman([]string{"volume", "create", "--opt", "o=uid=1000", volName}) -- cgit v1.2.3-54-g00ecf