container: do not chown to dest target with U

if the 'U' option is provided, do not chown the destination target to
the existing target in the image.

Closes: https://github.com/containers/podman/issues/22224

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

libpod/container_internal_common.go

@@ -2882,8 +2882,13 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 			return err
 		}
 
-		// Make sure the new volume matches the permissions of the target directory.
+		// Make sure the new volume matches the permissions of the target directory unless 'U' is
+		// provided (since the volume was already chowned in this case).
 		// https://github.com/containers/podman/issues/10188
+		if slices.Contains(v.Options, "U") {
+			return nil
+		}
+
 		st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
 		if err == nil {
 			if stat, ok := st.Sys().(*syscall.Stat_t); ok {

test/e2e/run_volume_test.go

@@ -750,6 +750,12 @@ VOLUME /test/`, ALPINE)
 		Expect(session).Should(ExitCleanly())
 		Expect(session.OutputToString()).To(ContainSubstring("888:888"))
 
+		// test with an existing directory in the image
+		session = podmanTest.Podman([]string{"run", "--rm", "--user", "881:882", "-v", "NAMED-VOLUME:/mnt:U", ALPINE, "stat", "-c", "%u:%g", "/mnt"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+		Expect(session.OutputToString()).To(ContainSubstring("881:882"))
+
 		session = podmanTest.Podman([]string{"run", "--rm", "--user", "888:888", "--userns", "auto", "-v", vol, ALPINE, "stat", "-c", "%u:%g", dest})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(ExitCleanly())