From aef0995b02a5a90ad74e6d91901d7bc8a9713796 Mon Sep 17 00:00:00 2001
From: Phil Estes
Date: Fri, 5 Feb 2016 14:37:33 -0500
Subject: [PATCH] Fix ZFS permissions bug with user namespaces

Fix root directory of the mountpoint being owned by real root. This is unique to ZFS because of the way file mountpoints are created using the ZFS tooling, and the remapping that happens at layer unpack doesn't impact this root (already created) holding directory for the layer.

Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp)
---
 daemon/graphdriver/zfs/zfs.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/daemon/graphdriver/zfs/zfs.go b/daemon/graphdriver/zfs/zfs.go
index e096798348..5cc10d2e26 100644
--- a/daemon/graphdriver/zfs/zfs.go
+++ b/daemon/graphdriver/zfs/zfs.go
@@ -308,10 +308,14 @@ func (d *Driver) Get(id, mountLabel string) (string, error) {
 return "", err
 }
- err = mount.Mount(filesystem, mountpoint, "zfs", options)
- if err != nil {
+ if err := mount.Mount(filesystem, mountpoint, "zfs", options); err != nil {
 return "", fmt.Errorf("error creating zfs mount of %s to %s: %v", filesystem, mountpoint, err)
 }
+ // this could be our first mount after creation of the filesystem, and the root dir may still have root
+ // permissions instead of the remapped root uid:gid (if user namespaces are enabled):
+ if err := os.Chown(mountpoint, rootUID, rootGID); err != nil {
+ return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
+ }
 return mountpoint, nil
 }
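Review bot: When `os.Chown` fails in the new error branch, Get returns an error while the dataset is still mounted at `mountpoint`, and a caller that received an error has no reason to call Put, so the mount would likely be left behind. Consider undoing the mount before returning, for example `mount.Unmount(mountpoint)` placed just ahead of the `return "", fmt.Errorf(...)` in that branch. `rootUID` and `rootGID` are assigned outside this hunk, presumably from the daemon's remapping configuration earlier in Get, so whether they fall back to 0:0 when user namespaces are disabled cannot be confirmed here. Get's body starts above the hunk.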