Merge pull request #3211 from rhatdan/overlay

Preserve ownership of lower directory when doing an overlay mount

Author: openshift-merge-robot

pkg/overlay/overlay.go

@@ -7,6 +7,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"syscall"
 
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/system"
@@ -84,6 +85,12 @@ func mountHelper(contentDir, source, dest string, _, _ int, graphOptions []strin
 		if err := os.Chmod(upperDir, st.Mode()); err != nil {
 			return mount, err
 		}
+		if stat, ok := st.Sys().(*syscall.Stat_t); ok {
+			if err := os.Chown(upperDir, int(stat.Uid), int(stat.Gid)); err != nil {
+				return mount, err
+			}
+		}
+
 		overlayOptions = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s,private", source, upperDir, workDir)
 	}
 

tests/overlay.bats

@@ -31,21 +31,22 @@ load helpers
   [ "$status" -ne 0 ]
 }
 
-@test "overlay source permissions" {
+@test "overlay source permissions and owners" {
   if test \! -e /usr/bin/fuse-overlayfs -a "$BUILDAH_ISOLATION" = "rootless"; then
     skip "BUILDAH_ISOLATION = $BUILDAH_ISOLATION" and no /usr/bin/fuse-overlayfs present
   elif test "$STORAGE_DRIVER" = "vfs"; then
     skip "skipping overlay test because \$STORAGE_DRIVER = $STORAGE_DRIVER"
   fi
   image=alpine
   mkdir -m 770 ${TESTDIR}/lower
-  permission=`stat -c %a ${TESTDIR}/lower`
+  chown 1:1 ${TESTDIR}/lower
+  permission=$(stat -c "%a %u %g" ${TESTDIR}/lower)
   run_buildah from --quiet -v ${TESTDIR}/lower:/tmp/test:O --quiet --signature-policy ${TESTSDIR}/policy.json $image
   cid=$output
 
   # This should succeed
-  run_buildah run $cid sh -c 'stat -c %a /tmp/test'
-  expect_output $permission
+  run_buildah run $cid sh -c 'stat -c "%a %u %g" /tmp/test'
+  expect_output "$permission"
 
   # Create and remove content in the overlay directory, should succeed
   touch ${TESTDIR}/lower/foo