Wrong permissions on idmapped volumes created before starting the container #21608
Labels: kind/bug (categorizes issue or PR as related to a bug)
Comments
giuseppe added a commit to giuseppe/libpod that referenced this issue on Feb 12, 2024:
if the target mount path already exists and the container uses a user namespace, correctly map the target UID/GID to the host values before attempting a chown. Closes: containers#21608 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
opened a PR: #21611
@giuseppe I just noticed this is still broken if the container-dir does not exist:
$ podman version
Client: Podman Engine
Version: 5.0.0
API Version: 5.0.0
Go Version: go1.22.1
Git Commit: e71ec6f1d94d2d97fb3afe08aae0d8adaf8bddf0-dirty
Built: Thu Mar 21 23:30:17 2024
OS/Arch: linux/amd64
$ sudo podman volume create test
test
$ sudo podman run --rm --userns=auto -v test:/test:idmap archlinux touch /test/123
touch: cannot touch '/test/123': Permission denied
Can we reopen this issue or do you want a new issue? :)
please open a new one
Issue Description
This is basically the same issue as #16724:
The fix for said issue (#16739) only disables chowning if the volume does not exist, but if the volume is created prior to starting the container (e.g. with podman volume create), the volume is chowned and the permissions are wrong.
Steps to reproduce the issue
1. podman volume create test (as root)
2. podman run --rm --userns=auto -v test:/mnt:idmap archlinux touch /mnt/123 (as root)
Describe the results you received
The process is unable to create the file, due to wrong permissions.
Describe the results you expected
The process being able to create the file.
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
N/A
Additional information
I noticed this while trying to use the "new" :idmap option (as described in #16250) with gitlab-runner, which creates the volumes first and then uses them.