opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 03:19:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't chown workdir if it already exists

Browse Source 
Currently podman is always chowning the WORKDIR to root:root
This PR will return if the WORKDIR already exists.

Fixes: https://github.com/containers/podman/issues/9387

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-02-15 16:22:44 -05:00
parent df8ba7f4a9
commit 3d50393f09
2 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libpod/container_internal_linux.go
View File

@ -21,6 +21,7 @@ import (
cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/chrootuser"
"github.com/containers/buildah/pkg/overlay"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/config"
@ -203,10 +204,17 @@ func (c *Container) resolveWorkDir() error {
}
logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir)
// No need to create it (e.g., `--workdir=/foo`), so let's make sure
// the path exists on the container.
st, err := os.Stat(resolvedWorkdir)
if err == nil {
if !st.IsDir() {
return errors.Errorf("workdir %q exists on container %s, but is not a directory", workdir, c.ID())
}
return nil
}
if !c.config.CreateWorkingDir {
if _, err := os.Stat(resolvedWorkdir); err != nil {
// No need to create it (e.g., `--workdir=/foo`), so let's make sure
// the path exists on the container.
if err != nil {
if os.IsNotExist(err) {
return errors.Errorf("workdir %q does not exist on container %s", workdir, c.ID())
}
@ -216,11 +224,6 @@ func (c *Container) resolveWorkDir() error {
}
return nil
}
// Ensure container entrypoint is created (if required).
rootUID := c.RootUID()
rootGID := c.RootGID()
if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
if os.IsExist(err) {
return nil
@ -228,7 +231,12 @@ func (c *Container) resolveWorkDir() error {
return errors.Wrapf(err, "error creating container %s workdir", c.ID())
}
if err := os.Chown(resolvedWorkdir, rootUID, rootGID); err != nil {
// Ensure container entrypoint is created (if required).
uid, gid, _, err := chrootuser.GetUser(c.state.Mountpoint, c.User())
if err != nil {
return errors.Wrapf(err, "error looking up %s inside of the container %s", c.User(), c.ID())
}
if err := os.Chown(resolvedWorkdir, int(uid), int(gid)); err != nil {
return errors.Wrapf(err, "error chowning container %s workdir to container root", c.ID())
}