Vendor in latest containers/storage

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/storage/drivers/chown_unix.go

@@ -21,12 +21,12 @@ type inode struct {
 
 type platformChowner struct {
 	mutex  sync.Mutex
-	inodes map[inode]bool
+	inodes map[inode]string
 }
 
 func newLChowner() *platformChowner {
 	return &platformChowner{
-		inodes: make(map[inode]bool),
+		inodes: make(map[inode]string),
 	}
 }
 
@@ -40,15 +40,33 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
 		Dev: uint64(st.Dev),
 		Ino: uint64(st.Ino),
 	}
+
 	c.mutex.Lock()
-	_, found := c.inodes[i]
+
+	oldTarget, found := c.inodes[i]
 	if !found {
-		c.inodes[i] = true
+		c.inodes[i] = path
+	}
+
+	// If we are dealing with a file with multiple links then keep the lock until the file is
+	// chowned to avoid a race where we link to the old version if the file is copied up.
+	if found || st.Nlink > 1 {
+		defer c.mutex.Unlock()
+	} else {
+		c.mutex.Unlock()
 	}
-	c.mutex.Unlock()
 
 	if found {
-		return nil
+		// If the dev/inode was already chowned then create a link to the old target instead
+		// of chowning it again.  This is necessary when the underlying file system breaks
+		// inodes on copy-up (as it is with overlay with index=off) to maintain the original
+		// link and correct file ownership.
+
+		// The target already exists so remove it before creating the link to the new target.
+		if err := os.Remove(path); err != nil {
+			return err
+		}
+		return os.Link(oldTarget, path)
 	}
 
 	// Map an on-disk UID/GID pair from host to container