From 7113c3d0ae0eff65936abc671991e681a9dce69b Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 11 Apr 2023 12:56:17 +0200 Subject: [PATCH] drivers: chown root mount to root in the userns chown the root mount to root in the userns so that it can be used by the container. Signed-off-by: Giuseppe Scrivano
---
 drivers/overlay/overlay.go | 2 +- drivers/vfs/driver.go | 11 ++++++++++- tests/idmaps.bats | 4 ++++ 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/overlay/overlay.go b/drivers/overlay/overlay.go
index b606713f0..8216d617a 100644
--- a/drivers/overlay/overlay.go
+++ b/drivers/overlay/overlay.go
@@ -1478,7 +1478,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
 absLowers = append(absLowers, path.Join(dir, "empty"))
 }
 // user namespace requires this to move a directory from lower to upper.
- rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
+ rootUID, rootGID, err := idtools.GetRootUIDGID(options.UidMaps, options.GidMaps)
 if err != nil {
 return "", err
 }
diff --git a/drivers/vfs/driver.go b/drivers/vfs/driver.go
index bf0cfe940..2c6a63d6e 100644
--- a/drivers/vfs/driver.go
+++ b/drivers/vfs/driver.go
@@ -304,7 +304,16 @@ func (d *Driver) SupportsShifting() bool {
 // UpdateLayerIDMap updates ID mappings in a from matching the ones specified
 // by toContainer to those specified by toHost.
 func (d *Driver) UpdateLayerIDMap(id string, toContainer, toHost *idtools.IDMappings, mountLabel string) error {
- return d.updater.UpdateLayerIDMap(id, toContainer, toHost, mountLabel)
+ if err := d.updater.UpdateLayerIDMap(id, toContainer, toHost, mountLabel); err != nil {
+ return err
+ }
+ dir := d.dir(id)
+ rootIDs, err := toHost.ToHost(idtools.IDPair{UID: 0, GID: 0})
+ if err != nil {
+ return err
+ }
+ return os.Chown(dir, rootIDs.UID, rootIDs.GID)
+
 }
 // Changes produces a list of changes between the specified layer
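Review bot: In drivers/overlay/overlay.go, `get` now takes the owner of the mount directories only from `options.UidMaps`/`options.GidMaps`, and nothing in the hunk covers a caller that leaves those empty while the driver itself was configured with `d.uidMaps`/`d.gidMaps`. If `GetRootUIDGID` treats empty maps as the identity mapping (its body is not visible here), such a mount would get directories owned by host 0:0 rather than by the mapped root, which is the opposite of what the commit intends. Consider an explicit fallback before the call, for example `if len(uidMaps) == 0 && len(gidMaps) == 0 { uidMaps, gidMaps = d.uidMaps, d.gidMaps }`, or a comment stating that every caller populates the mount options. The body of `get` starts and ends outside the hunk.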
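Review bot: In drivers/vfs/driver.go, the final `os.Chown(dir, rootIDs.UID, rootIDs.GID)` in `UpdateLayerIDMap` follows a symlink at `dir`, and it is a privileged ownership change; `d.dir(id)` is defined outside the hunk, so whether that path can ever be a symlink is not visible here. `return os.Lchown(dir, rootIDs.UID, rootIDs.GID)` re-owns only the entry itself and costs nothing if the path is always a real directory. Both new error returns are also bare; wrapping them with the layer id, for example `fmt.Errorf("chown root of layer %q: %w", id, err)` (assuming `fmt` is imported in this file), would make a failed mapping easier to trace. The doc comment should also say that the layer root ends up owned by the IDs that `toHost` maps 0:0 to, and the blank line before the closing brace can go.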
diff --git a/tests/idmaps.bats b/tests/idmaps.bats
index 2267a5352..b58dcf16b 100644
--- a/tests/idmaps.bats
+++ b/tests/idmaps.bats
@@ -853,6 +853,10 @@ load helpers
 [ "$output" != "" ]
 mount="$output"
+ uid=$(stat -c %u ${mount})
+ gid=$(stat -c %g ${mount})
+ test ${uid}:${gid} = ${uidrange[$i]}:${gidrange[$i]}
+
 for j in $(seq $n) ; do
 ownerids=$(stat -c %u:%g ${mount}/file$j)
 echo on-disk IDs: "$ownerids"
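Review bot: The new ownership check in tests/idmaps.bats expands `${mount}` unquoted and prints nothing when it fails, while the loop right below it echoes the on-disk IDs it reads. A single quoted call keeps the two consistent and makes a failure readable in the test log: `rootids=$(stat -c %u:%g "${mount}")`, `echo root on-disk IDs: "$rootids"`, `test "$rootids" = "${uidrange[$i]}:${gidrange[$i]}"`. The enclosing test case starts and ends outside the hunk.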