Merge pull request #22229 from giuseppe/fix-idmap-existing-volume
libpod: use original IDs if idmap is provided
openshift-merge-bot[bot] authored Apr 1, 2024
2 parents 45b809c + d81319e commit e1f4952
Showing 2 changed files with 19 additions and 2 deletions.
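--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2819,6 +2819,15 @@ func (c *Container) createSecretMountDir(runPath string) error {
 return err
 }
 
+func hasIdmapOption(options []string) bool {
+for _, o := range options {
+if o == "idmap" || strings.HasPrefix(o, "idmap=") {
+return true
+}
+}
+return false
+}
+
 // Fix ownership and permissions of the specified volume if necessary.
 func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 vol, err := c.runtime.state.Volume(v.Name)
@@ -2842,7 +2851,8 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 uid := int(c.config.Spec.Process.User.UID)
 gid := int(c.config.Spec.Process.User.GID)
 
-if c.config.IDMappings.UIDMap != nil {
+// if the volume is mounted with "idmap", leave the IDs in from the current environment.
+if c.config.IDMappings.UIDMap != nil && !hasIdmapOption(v.Options) {
 p := idtools.IDPair{
 UID: uid,
 GID: gid,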
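Review bot: The new guard `if c.config.IDMappings.UIDMap != nil && !hasIdmapOption(v.Options)` makes a volume-ownership decision depend on an exact, case-sensitive string match in `hasIdmapOption`, and neither the helper nor the inline comment explains why. When the option is present, the uid/gid read from `Spec.Process.User` skip the `idtools.IDPair` branch, so the rest of fixVolumePermissions (its body continues outside the hunk) presumably applies the container-side values unchanged, for example 0:0 for a root container user. I would give the helper a doc comment such as `// hasIdmapOption reports whether the mount options request an idmapped mount ("idmap" or "idmap=...").` and reword the inline comment to `// With an idmapped mount, keep the container-side IDs; do not translate them through the user namespace mapping.` It is also worth confirming that `v.Options` is already normalized by the option parser before it reaches this check, since any other spelling would silently fall back to the mapped path.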
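--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -1252,9 +1252,16 @@ EOF
 
 touch $romount/testfile
 chown 2000:2000 $romount/testfile
-run_podman run --uidmap=0:1000:2 --rm --rootfs "$romount:idmap=uids=@2000-1-1;gids=@2000-1-1" stat -c %u:%g /testfile
+run_podman run --uidmap=0:1000:200 --rm --rootfs "$romount:idmap=uids=@2000-1-1;gids=@2000-1-1" stat -c %u:%g /testfile
 is "$output" "1:1"
 
+myvolume=my-volume-$(random_string)
+run_podman volume create $myvolume
+mkdir $romount/volume
+run_podman run --rm --uidmap=0:1000:10000 -v volume:/volume:idmap --rootfs $romount stat -c %u:%g /volume
+is "$output" "0:0"
+run_podman volume rm $myvolume
+
 rm -rf $romount
 }
 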
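Review bot: The new volume case mounts `-v volume:/volume:idmap`, a literal volume named `volume`, rather than the `$myvolume` created two lines earlier, so the volume that is created and removed is never the one under test. As written, the run would presumably create or reuse a volume called `volume` that the test never removes, and a pre-existing one could change the ownership that `stat` reports. I would change the line to `run_podman run --rm --uidmap=0:1000:10000 -v $myvolume:/volume:idmap --rootfs $romount stat -c %u:%g /volume`. The enclosing test function starts outside the hunk.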
