From 874f2327e6ca963edda7cc46819d51048d3d19a8 Mon Sep 17 00:00:00 2001
From: Eduardo Vega
Date: Tue, 5 Jan 2021 19:50:58 -0600
Subject: Add U volume flag to chown source volumes

Signed-off-by: Eduardo Vega
---
 libpod/container.go | 2 ++
 libpod/container_internal_linux.go | 36 ++++++++++++++++++++++++++++++++++--
 libpod/options.go | 5 +++--
 3 files changed, 39 insertions(+), 4 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container.go b/libpod/container.go
index 9841bddf7..ee6e243ac 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -236,6 +236,8 @@ type ContainerOverlayVolume struct {
 Dest string `json:"dest"`
 // Source specifies the source path of the mount.
 Source string `json:"source,omitempty"`
+ // Options holds overlay volume options.
+ Options []string `json:"options,omitempty"`
 }
 
 // ContainerImageVolume is a volume based on a container image. The container
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 43a345ea9..9c3e91a97 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -23,7 +23,9 @@ import (
 "github.com/containernetworking/plugins/pkg/ns"
 "github.com/containers/buildah/pkg/chrootuser"
 "github.com/containers/buildah/pkg/overlay"
+ butil "github.com/containers/buildah/util"
 "github.com/containers/common/pkg/apparmor"
+ "github.com/containers/common/pkg/chown"
 "github.com/containers/common/pkg/config"
 "github.com/containers/common/pkg/subscriptions"
 "github.com/containers/common/pkg/umask"
@@ -356,13 +358,28 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 return nil, err
 }
 
- // Check if the spec file mounts contain the label Relabel flags z or Z.
- // If they do, relabel the source directory and then remove the option.
+ // Get host UID and GID based on the container process UID and GID.
+ hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+ if err != nil {
+ return nil, err
+ }
+
+ // Check if the spec file mounts contain the options z, Z or U.
+ // If they have z or Z, relabel the source directory and then remove the option.
+ // If they have U, chown the source directory and them remove the option.
 for i := range g.Config.Mounts {
 m := &g.Config.Mounts[i]
 var options []string
 for _, o := range m.Options {
 switch o {
+ case "U":
+ if m.Type == "tmpfs" {
+ options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...)
+ } else {
+ if err := chown.ChangeHostPathOwnership(m.Source, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+ }
 case "z":
 fallthrough
 case "Z":
@@ -427,6 +444,21 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 if err != nil {
 return nil, errors.Wrapf(err, "mounting overlay failed %q", overlayVol.Source)
 }
+
+ // Check overlay volume options
+ for _, o := range overlayVol.Options {
+ switch o {
+ case "U":
+ if err := chown.ChangeHostPathOwnership(overlayVol.Source, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+
+ if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+ }
+ }
+
 g.AddMount(overlayMount)
 }
 
diff --git a/libpod/options.go b/libpod/options.go
index 627ea8c57..6344e1acc 100644
--- a/libpod/options.go
+++ b/libpod/options.go
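Review bot: In the new `case "U":` branch of generateSpec's mount loop, the `else` arm runs a recursive `chown.ChangeHostPathOwnership(m.Source, ...)` for every mount whose type is not tmpfs, so a mount whose Source is not a host directory would be treated as one, and the guard against an unintended host path rests entirely on checks inside that helper, which are not visible here. Restricting the arm to the intended type, e.g. `} else if m.Type == "bind" {`, and wrapping the error as `errors.Wrapf(err, "chowning mount source %q", m.Source)` would make both the scope and the failure readable. `butil.GetHostIDs` is now called before the loop for every container, so a mapping error would presumably fail spec generation even when no mount carries `U`; resolving the IDs only when `U` is seen avoids that. The comment above the loop has a typo, `and them remove` for `and then remove`. generateSpec begins and ends outside the hunk.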
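Review bot: In the overlay-volume loop (`@@ -427,6 +444,21 @@`), `U` recursively chowns `overlayVol.Source` itself as well as `contentDir`, so the ownership change lands on the host directory and persists after the container is gone, which a user of an overlay volume may not expect if the source is otherwise left unmodified (an assumption; the mount setup is outside the hunk). A comment above the first call should say so, e.g. `// U also changes ownership of the source directory on the host, not just the overlay content dir.` Both failures return the bare error after the overlay has already been mounted; `errors.Wrapf(err, "chowning overlay source %q", overlayVol.Source)` would match the Wrapf on the line above, and whether the mount needs cleanup on this path cannot be judged from the hunk. The single-case `switch` reads more simply as `if o == "U" {`.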
@@ -1429,8 +1429,9 @@ func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption {
 
 for _, vol := range volumes {
 ctr.config.OverlayVolumes = append(ctr.config.OverlayVolumes, &ContainerOverlayVolume{
- Dest: vol.Dest,
- Source: vol.Source,
+ Dest: vol.Dest,
+ Source: vol.Source,
+ Options: vol.Options,
 })
 }
 
-- cgit v1.2.3-54-g00ecf
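Review bot: `Options: vol.Options` stores the caller's slice by reference and accepts any strings, while the only consumer visible in this commit acts on `"U"` and silently ignores everything else. Copying at the boundary, `Options: append([]string(nil), vol.Options...),`, keeps later caller mutations out of the container config, and rejecting unknown values here (or documenting that validation happens in the caller) would surface typos instead of dropping an ownership change the user asked for. The enclosing closure of WithOverlayVolumes is outside the hunk.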