From 55f00bac02fcde7fbe960a9a80131dbc72630b5b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 19 May 2021 08:22:13 -0400
Subject: [PATCH] Clear the storage-options from the graphdriver if users
 specifies --root

Fixes: https://github.com/containers/podman/issues/10393

Currently if a user specifies a --root flag to override the location of
the container storage, we still enforce the storage-opts from
storage.conf. This causes issues with people trying to intereact with
the additional stores feature, and then forces them to use the obscure
--storage-opt="" option. I belive this should be the default and we
already do this when the user specifies the --storage-driver option.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 docs/source/markdown/podman.1.md    | 2 ++
 pkg/domain/infra/runtime_libpod.go  | 1 +
 test/compose/test-compose           | 6 ++++--
 test/system/005-info.bats           | 8 ++++++++
 test/system/010-images.bats         | 2 +-
 test/system/150-login.bats          | 6 +++---
 test/system/330-corrupt-images.bats | 2 +-
 7 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index ab4be13078..734d00971d 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -120,6 +120,8 @@ Remote connections use local containers.conf for default.
 Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users).
 Default root dir configured in `/etc/containers/storage.conf`.
 
+Overriding this option will cause the *storage-opt* settings in /etc/containers/storage.conf to be ignored.  The user must specify additional options via the `--storage-opt` flag.
+
 #### **--runroot**=*value*
 
 Storage state directory where all state information is stored (default: "/run/containers/storage" for UID 0, "/run/user/$UID/run" for other users).
diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go
index a98c9168a9..5cbee2e767 100644
--- a/pkg/domain/infra/runtime_libpod.go
+++ b/pkg/domain/infra/runtime_libpod.go
@@ -129,6 +129,7 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 	if fs.Changed("root") {
 		storageSet = true
 		storageOpts.GraphRoot = cfg.Engine.StaticDir
+		storageOpts.GraphDriverOptions = []string{}
 	}
 	if fs.Changed("runroot") {
 		storageSet = true
diff --git a/test/compose/test-compose b/test/compose/test-compose
index 46ca80321b..981f78a795 100755
--- a/test/compose/test-compose
+++ b/test/compose/test-compose
@@ -174,12 +174,12 @@ function test_port() {
     if [ $curl_rc -ne 0 ]; then
         _show_ok 0 "$testname - curl (port $port) failed with status $curl_rc"
         echo "# podman ps -a:"
-        $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot ps -a
+        $PODMAN_BIN --storage-driver=vfs --root $WORKDIR/root --runroot $WORKDIR/runroot ps -a
         if type -p ss; then
             echo "# ss -tulpn:"
             ss -tulpn
             echo "# podman unshare --rootless-cni ss -tulpn:"
-            $PODMAN_BIN --root $WORKDIR/root --runroot $WORKDIR/runroot unshare --rootless-cni ss -tulpn
+            $PODMAN_BIN --storage-driver=vfs --root $WORKDIR/root --runroot $WORKDIR/runroot unshare --rootless-cni ss -tulpn
         fi
         echo "# cat $WORKDIR/server.log:"
         cat $WORKDIR/server.log
@@ -214,6 +214,7 @@ function start_service() {
 
     $PODMAN_BIN \
         --log-level debug \
+	--storage-driver=vfs \
         --root $WORKDIR/root \
         --runroot $WORKDIR/runroot \
         --cgroup-manager=systemd \
@@ -241,6 +242,7 @@ function start_service() {
 function podman() {
     echo "\$ podman $*"           >>$WORKDIR/output.log
     output=$($PODMAN_BIN \
+	--storage-driver=vfs \
         --root    $WORKDIR/root    \
         --runroot $WORKDIR/runroot \
         "$@")
diff --git a/test/system/005-info.bats b/test/system/005-info.bats
index 83d79221a4..4b419841ee 100644
--- a/test/system/005-info.bats
+++ b/test/system/005-info.bats
@@ -82,4 +82,12 @@ store.imageStore.number   | 1
     # mounts.
     is "$output" ".*graphOptions: {}" "output includes graphOptions: {}"
 }
+
+@test "podman --root PATH info - basic output" {
+    if ! is_remote; then
+        run_podman --storage-driver=vfs --root ${PODMAN_TMPDIR}/nothing-here-move-along info --format '{{ .Store.GraphOptions }}'
+        is "$output" "map\[\]" "'podman --root should reset Graphoptions to []"
+    fi
+}
+
 # vim: filetype=sh
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index bda331e6bf..2d7ac1e0c8 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -12,7 +12,7 @@ load helpers
     # 'podman images' should emit headings even if there are no images
     # (but --root only works locally)
     if ! is_remote; then
-        run_podman --root ${PODMAN_TMPDIR}/nothing-here-move-along images
+        run_podman --storage-driver=vfs --root ${PODMAN_TMPDIR}/nothing-here-move-along images
         is "$output" "$headings" "'podman images' emits headings even w/o images"
     fi
 }
diff --git a/test/system/150-login.bats b/test/system/150-login.bats
index c3af63348b..b6c04db08e 100644
--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -62,7 +62,7 @@ function setup() {
     # Pull registry image, but into a separate container storage
     mkdir -p ${PODMAN_LOGIN_WORKDIR}/root
     mkdir -p ${PODMAN_LOGIN_WORKDIR}/runroot
-    PODMAN_LOGIN_ARGS="--root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot"
+    PODMAN_LOGIN_ARGS="--storage-driver=vfs --root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot"
     # Give it three tries, to compensate for flakes
     run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE ||
         run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE ||
@@ -306,10 +306,10 @@ function _test_skopeo_credential_sharing() {
         skip "[leaving registry running by request]"
     fi
 
-    run_podman --root    ${PODMAN_LOGIN_WORKDIR}/root   \
+    run_podman --storage-driver=vfs --root    ${PODMAN_LOGIN_WORKDIR}/root   \
                --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
                rm -f registry
-    run_podman --root    ${PODMAN_LOGIN_WORKDIR}/root   \
+    run_podman --storage-driver=vfs --root    ${PODMAN_LOGIN_WORKDIR}/root   \
                --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
                rmi -a
 
diff --git a/test/system/330-corrupt-images.bats b/test/system/330-corrupt-images.bats
index c51cc8d464..2ee5eee9c9 100644
--- a/test/system/330-corrupt-images.bats
+++ b/test/system/330-corrupt-images.bats
@@ -19,7 +19,7 @@ PODMAN_CORRUPT_TEST_IMAGE_ID=961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364b
 # All tests in this file (and ONLY in this file) run with a custom rootdir
 function setup() {
     skip_if_remote "none of these tests run under podman-remote"
-    _PODMAN_TEST_OPTS="--root ${PODMAN_CORRUPT_TEST_WORKDIR}/root"
+    _PODMAN_TEST_OPTS="--storage-driver=vfs --root ${PODMAN_CORRUPT_TEST_WORKDIR}/root"
 }
 
 function teardown() {