mirror of
https://github.com/containers/podman.git
synced 2025-12-04 12:17:34 +08:00
remote copy
Implement `podman-remote cp` and break out the logic from the previously added `pkg/copy` into it's basic building blocks and move them up into the `ContainerEngine` interface and `cmd/podman`. The `--pause` and `--extract` flags are now deprecated and turned into nops. Note that this commit is vendoring a non-release version of Buildah to pull in updates to the copier package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
Valentin Rothberg
60
vendor/github.com/containers/buildah/run_linux.go
generated
vendored
60
vendor/github.com/containers/buildah/run_linux.go
generated
vendored
@@ -506,8 +506,14 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
|
||||
return err
|
||||
}
|
||||
|
||||
// Get host UID and GID of the container process.
|
||||
processUID, processGID, err := util.GetHostIDs(spec.Linux.UIDMappings, spec.Linux.GIDMappings, spec.Process.User.UID, spec.Process.User.GID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Get the list of explicitly-specified volume mounts.
|
||||
volumes, err := b.runSetupVolumeMounts(spec.Linux.MountLabel, volumeMounts, optionMounts, int(rootUID), int(rootGID))
|
||||
volumes, err := b.runSetupVolumeMounts(spec.Linux.MountLabel, volumeMounts, optionMounts, int(rootUID), int(rootGID), int(processUID), int(processGID))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -1687,7 +1693,7 @@ func (b *Builder) cleanupTempVolumes() {
|
||||
}
|
||||
}
|
||||
|
||||
func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string, optionMounts []specs.Mount, rootUID, rootGID int) (mounts []specs.Mount, Err error) {
|
||||
func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string, optionMounts []specs.Mount, rootUID, rootGID, processUID, processGID int) (mounts []specs.Mount, Err error) {
|
||||
|
||||
// Make sure the overlay directory is clean before running
|
||||
containerDir, err := b.store.ContainerDirectory(b.ContainerID)
|
||||
@@ -1699,7 +1705,7 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
|
||||
}
|
||||
|
||||
parseMount := func(mountType, host, container string, options []string) (specs.Mount, error) {
|
||||
var foundrw, foundro, foundz, foundZ, foundO bool
|
||||
var foundrw, foundro, foundz, foundZ, foundO, foundU bool
|
||||
var rootProp string
|
||||
for _, opt := range options {
|
||||
switch opt {
|
||||
@@ -1713,6 +1719,8 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
|
||||
foundZ = true
|
||||
case "O":
|
||||
foundO = true
|
||||
case "U":
|
||||
foundU = true
|
||||
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
|
||||
rootProp = opt
|
||||
}
|
||||
@@ -1730,6 +1738,11 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
|
||||
return specs.Mount{}, err
|
||||
}
|
||||
}
|
||||
if foundU {
|
||||
if err := chownSourceVolume(host, processUID, processGID); err != nil {
|
||||
return specs.Mount{}, err
|
||||
}
|
||||
}
|
||||
if foundO {
|
||||
containerDir, err := b.store.ContainerDirectory(b.ContainerID)
|
||||
if err != nil {
|
||||
@@ -1746,6 +1759,14 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
|
||||
|
||||
b.TempVolumes[contentDir] = true
|
||||
}
|
||||
|
||||
// If chown true, add correct ownership to the overlay temp directories.
|
||||
if foundU {
|
||||
if err := chownSourceVolume(contentDir, processUID, processGID); err != nil {
|
||||
return specs.Mount{}, err
|
||||
}
|
||||
}
|
||||
|
||||
return overlayMount, err
|
||||
}
|
||||
if rootProp == "" {
|
||||
@@ -1789,6 +1810,39 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
|
||||
return mounts, nil
|
||||
}
|
||||
|
||||
// chownSourceVolume changes the ownership of a volume source directory or file within the host.
|
||||
func chownSourceVolume(path string, UID, GID int) error {
|
||||
fi, err := os.Lstat(path)
|
||||
if err != nil {
|
||||
// Skip if path does not exist
|
||||
if os.IsNotExist(err) {
|
||||
logrus.Debugf("error returning file info of %q: %v", path, err)
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
currentUID := int(fi.Sys().(*syscall.Stat_t).Uid)
|
||||
currentGID := int(fi.Sys().(*syscall.Stat_t).Gid)
|
||||
|
||||
if UID != currentUID || GID != currentGID {
|
||||
err := filepath.Walk(path, func(filePath string, f os.FileInfo, err error) error {
|
||||
return os.Lchown(filePath, UID, GID)
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
// Skip if path does not exist
|
||||
if os.IsNotExist(err) {
|
||||
logrus.Debugf("error changing the uid and gid of %q: %v", path, err)
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func setupMaskedPaths(g *generate.Generator) {
|
||||
for _, mp := range []string{
|
||||
"/proc/acpi",
|
||||
|
||||
Reference in New Issue
Block a user