Fix copyUIDGID parameter inversion in Docker compat API

Docker API's copyUIDGID=true means "preserve UID/GID from archive" but Podman's internal Chown=true means "chown to container user". This caused Docker SDK clients to have files incorrectly chowned to root:root instead of preserving the archive's UID/GID. Fixes: https://github.com/containers/podman/issues/27332 Fixes: https://issues.redhat.com/browse/RUN-3643 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-11-29 17:48:05 +08:00 · 2025-10-27 11:49:31 +01:00
parent 5a0b74b13e
commit 2b848cca36
3 changed files with 51 additions and 4 deletions
--- a/pkg/api/handlers/compat/containers_archive.go
+++ b/pkg/api/handlers/compat/containers_archive.go
@@ -124,9 +124,17 @@ func handlePut(w http.ResponseWriter, r *http.Request, decoder *schema.Decoder,
 	containerName := utils.GetName(r)
 	containerEngine := abi.ContainerEngine{Libpod: runtime}

+	// Docker API semantics: copyUIDGID=true means "preserve UID/GID from archive"
+	// Podman internal semantics: Chown=true means "chown to container user" (override archive)
+	// For compat requests, we need to invert the value
+	chown := query.Chown
+	if !utils.IsLibpodRequest(r) {
+		chown = !query.Chown
+	}
+
 	copyFunc, err := containerEngine.ContainerCopyFromArchive(r.Context(), containerName, query.Path, r.Body,
 		entities.CopyOptions{
-			Chown:                query.Chown,
+			Chown:                chown,
 			NoOverwriteDirNonDir: query.NoOverwriteDirNonDir,
 			Rename:               rename,
 		})