mirror of
https://github.com/containers/podman.git
synced 2025-05-21 17:16:22 +08:00
452decf8a4
As part of a fix for an earlier bug (#5698) we added the ability for Podman to chown volumes to correctly match the user running in the container, even in adverse circumstances (where we don't know the right UID/GID until very late in the process). However, we only did this for volumes created automatically by a `podman run` or `podman create`. Volumes made by `podman volume create` do not get this chown, so their permissions may not be correct. I've looked, and I don't think there's a good reason not to do this chwon for all volumes the first time the container is started. I would prefer to do this as part of volume copy-up, but I don't think that's really possible (copy-up happens earlier in the process and we don't have a spec). There is a small chance, as things stand, that a copy-up happens for one container and then a chown for a second, unrelated container, but the odds of this are astronomically small (we'd need a very close race between two starting containers). Fixes #9608 Signed-off-by: Matthew Heon <mheon@redhat.com>
72 lines
1.7 KiB
Go
72 lines
1.7 KiB
Go
package libpod
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/containers/podman/v3/libpod/define"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// Creates a new volume
|
|
func newVolume(runtime *Runtime) *Volume {
|
|
volume := new(Volume)
|
|
volume.config = new(VolumeConfig)
|
|
volume.state = new(VolumeState)
|
|
volume.runtime = runtime
|
|
volume.config.Labels = make(map[string]string)
|
|
volume.config.Options = make(map[string]string)
|
|
volume.state.NeedsCopyUp = true
|
|
volume.state.NeedsChown = true
|
|
return volume
|
|
}
|
|
|
|
// teardownStorage deletes the volume from volumePath
|
|
func (v *Volume) teardownStorage() error {
|
|
if v.UsesVolumeDriver() {
|
|
return nil
|
|
}
|
|
|
|
// TODO: Should this be converted to use v.config.MountPoint?
|
|
return os.RemoveAll(filepath.Join(v.runtime.config.Engine.VolumePath, v.Name()))
|
|
}
|
|
|
|
// Volumes with options set, or a filesystem type, or a device to mount need to
|
|
// be mounted and unmounted.
|
|
func (v *Volume) needsMount() bool {
|
|
// Non-local driver always needs mount
|
|
if v.UsesVolumeDriver() {
|
|
return true
|
|
}
|
|
|
|
// Local driver with options needs mount
|
|
return len(v.config.Options) > 0
|
|
}
|
|
|
|
// update() updates the volume state from the DB.
|
|
func (v *Volume) update() error {
|
|
if err := v.runtime.state.UpdateVolume(v); err != nil {
|
|
return err
|
|
}
|
|
if !v.valid {
|
|
return define.ErrVolumeRemoved
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// save() saves the volume state to the DB
|
|
func (v *Volume) save() error {
|
|
return v.runtime.state.SaveVolume(v)
|
|
}
|
|
|
|
// Refresh volume state after a restart.
|
|
func (v *Volume) refresh() error {
|
|
lock, err := v.runtime.lockManager.AllocateAndRetrieveLock(v.config.LockID)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error acquiring lock %d for volume %s", v.config.LockID, v.Name())
|
|
}
|
|
v.lock = lock
|
|
|
|
return nil
|
|
}
|