containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make sure buildin volumes have the same ownership and permissions as image 

When creating a new image volume to be mounted into a container, we need to
make sure the new volume matches the Ownership and permissions of the path
that it will be mounted on.

For example if a volume inside of a containre image is owned by the database
UID, we want the volume to be mounted onto the image to be owned by the
database UID.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh 2019-03-14 08:33:53 -04:00
parent 37dcc0a305
commit 9d81be9614
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
4 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/podman-load.1.md
View File

@ -4,7 +4,7 @@
podman\-load - Load an image from docker archive
## SYNOPSIS
**podman load** *name*[:*tag*|@*digest*]
**podman load** [ARCHIVE]
## DESCRIPTION
**podman load** copies an image from either **docker-archive** or **oci-archive** stored

4
libpod/container_internal.go
View File

@ -1429,5 +1429,9 @@ func (c *Container) copyWithTarFromImage(src, dest string) error {
}
a := archive.NewDefaultArchiver()
source := filepath.Join(mountpoint, src)
if err = c.copyOwnerAndPerms(source, dest); err != nil {
return err
}
return a.CopyWithTar(source, dest)
}

17
libpod/container_internal_linux.go
View File

@ -982,3 +982,20 @@ func (c *Container) generatePasswd() (string, error) {
}
return passwdFile, nil
}
func (c *Container) copyOwnerAndPerms(source, dest string) error {
info, err := os.Stat(source)
if err != nil {
if os.IsNotExist(err) {
return nil
}
return errors.Wrapf(err, "cannot stat `%s`", dest)
}
if err := os.Chmod(dest, info.Mode()); err != nil {
return errors.Wrapf(err, "cannot chmod `%s`", dest)
}
if err := os.Chown(dest, int(info.Sys().(*syscall.Stat_t).Uid), int(info.Sys().(*syscall.Stat_t).Gid)); err != nil {
return errors.Wrapf(err, "cannot chown `%s`", dest)
}
return nil
}

4
libpod/container_internal_unsupported.go
View File

@ -35,3 +35,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
func (c *Container) restore(ctx context.Context, options ContainerCheckpointOptions) error {
return ErrNotImplemented
}
func (c *Container) copyOwnerAndPerms(source, dest string) error {
return nil
}