opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 11:32:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't chown workdir if it already exists

Browse Source 
Currently podman is always chowning the WORKDIR to root:root
This PR will return if the WORKDIR already exists.

Fixes: https://github.com/containers/podman/issues/9387

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-02-15 16:22:44 -05:00
parent df8ba7f4a9
commit 3d50393f09
2 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
libpod/container_internal_linux.go
View File

@ -21,6 +21,7 @@ import (
cnitypes "github.com/containernetworking/cni/pkg/types/current" cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns" "github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/chrootuser"
"github.com/containers/buildah/pkg/overlay" "github.com/containers/buildah/pkg/overlay"
"github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/config" "github.com/containers/common/pkg/config"
@ -203,10 +204,17 @@ func (c *Container) resolveWorkDir() error {
} }
logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir) logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir)
st, err := os.Stat(resolvedWorkdir)
if err == nil {
if !st.IsDir() {
return errors.Errorf("workdir %q exists on container %s, but is not a directory", workdir, c.ID())
}
return nil
}
if !c.config.CreateWorkingDir {
// No need to create it (e.g., `--workdir=/foo`), so let's make sure // No need to create it (e.g., `--workdir=/foo`), so let's make sure
// the path exists on the container. // the path exists on the container.
if !c.config.CreateWorkingDir { if err != nil {
if _, err := os.Stat(resolvedWorkdir); err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
return errors.Errorf("workdir %q does not exist on container %s", workdir, c.ID()) return errors.Errorf("workdir %q does not exist on container %s", workdir, c.ID())
} }
@ -216,11 +224,6 @@ func (c *Container) resolveWorkDir() error {
} }
return nil return nil
} }
// Ensure container entrypoint is created (if required).
rootUID := c.RootUID()
rootGID := c.RootGID()
if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil { if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
if os.IsExist(err) { if os.IsExist(err) {
return nil return nil
@ -228,7 +231,12 @@ func (c *Container) resolveWorkDir() error {
return errors.Wrapf(err, "error creating container %s workdir", c.ID()) return errors.Wrapf(err, "error creating container %s workdir", c.ID())
} }
if err := os.Chown(resolvedWorkdir, rootUID, rootGID); err != nil { // Ensure container entrypoint is created (if required).
uid, gid, _, err := chrootuser.GetUser(c.state.Mountpoint, c.User())
if err != nil {
return errors.Wrapf(err, "error looking up %s inside of the container %s", c.User(), c.ID())
}
if err := os.Chown(resolvedWorkdir, int(uid), int(gid)); err != nil {
return errors.Wrapf(err, "error chowning container %s workdir to container root", c.ID()) return errors.Wrapf(err, "error chowning container %s workdir to container root", c.ID())
} }

6
test/e2e/run_working_dir_test.go
View File

@ -47,7 +47,7 @@ var _ = Describe("Podman run", func() {
It("podman run a container on an image with a workdir", func() { It("podman run a container on an image with a workdir", func() {
dockerfile := `FROM alpine dockerfile := `FROM alpine
RUN mkdir -p /home/foobar RUN mkdir -p /home/foobar /etc/foobar; chown bin:bin /etc/foobar
WORKDIR /etc/foobar` WORKDIR /etc/foobar`
podmanTest.BuildImage(dockerfile, "test", "false") podmanTest.BuildImage(dockerfile, "test", "false")
@ -56,6 +56,10 @@ WORKDIR /etc/foobar`
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/etc/foobar")) Expect(session.OutputToString()).To(Equal("/etc/foobar"))
session = podmanTest.Podman([]string{"run", "test", "ls", "-ld", "."})
session.WaitWithDefaultTimeout()
Expect(session.LineInOutputContains("bin")).To(BeTrue())
session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"}) session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))