Volumes always owned by root

[neVERberleRfellerER]

/kind bug

Description

Volumes are always owned by root instead of inheriting owner and group from image.

Steps to reproduce the issue:

(ipfs used as example, but it happens with other images too)

1.podman run --rm -it --entrypoint /bin/sh ipfs/go-ipfs

2. use ls -laF /data in container,

3. see that volume is owned by root

Describe the results you received:

drwxr-xr-x 2 root root 4096 Mar 13 20:36 ipfs/

ipfs failing on permission denied

Describe the results you expected:

drwxr-xr-x 2 ipfs users 4096 Mar 13 20:28 ipfs/

ipfs working

Additional information you deem important (e.g. issue happens only occasionally):

Perfectly reproducible.

Output of podman version:

Version:            1.1.2
RemoteAPI Version:  1
Go Version:         go1.11.5
Git Commit:         a95a49d3038462d033f84ac314ec8a3064a99cff
Built:              Tue Mar  5 19:10:31 2019
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: a95a49d3038462d033f84ac314ec8a3064a99cff
  go version: go1.11.5
  podman version: 1.1.2
host:
  BuildahVersion: 1.7.1
  Conmon:
    package: podman-1.1.2-1.git0ad9b6b.fc29.x86_64
    path: /usr/libexec/podman/conmon
    version: 'conmon version 1.12.0-dev, commit: a95a49d3038462d033f84ac314ec8a3064a99cff'
  Distribution:
    distribution: fedora
    version: "29"
  MemFree: 6182543360
  MemTotal: 8361332736
  OCIRuntime:
    package: runc-1.0.0-68.dev.git6635b4f.fc29.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc6+dev
      commit: ef9132178ccc3d2775d4fb51f1e431f30cac1398-dirty
      spec: 1.0.1-dev
  SwapFree: 3439325184
  SwapTotal: 3439325184
  arch: amd64
  cpus: 4
  hostname: localhost.localdomain
  kernel: 4.20.14-200.fc29.x86_64
  os: linux
  rootless: true
  uptime: 22m 18.3s
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ConfigFile: /home/user/.config/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions:
  - overlay.mount_program=/usr/bin/fuse-overlayfs
  GraphRoot: /var/home/user/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 0
  RunRoot: /run/user/1000
  VolumePath: /var/home/user/.local/share/containers/storage/volumes

Additional environment details (AWS, VirtualBox, physical, etc.):

physical, KVM. Happens on Fedora Silverblue, Fedora Atomic (with podman 1.0.0) and Arch Linux (without fuse-overlayfs).

[rhatdan]

What did the Dockerfile look like that created that image?

[neVERberleRfellerER]

It's there:
https://hub.docker.com/r/ipfs/go-ipfs/dockerfile
The important part is

ENV IPFS_PATH /data/ipfs
RUN mkdir -p $IPFS_PATH \
  && adduser -D -h $IPFS_PATH -u 1000 -G users ipfs \
  && chown ipfs:users $IPFS_PATH

[rhatdan]

@neVERberleRfellerER Any chance you could build from master and see if this fixes the is you were seeing.

[neVERberleRfellerER]

@rhatdan I compiled your volumes branch on Arch Linux (I don't know how to build packages on Fedora) and there are 2 problems:

1. Container can't be started without explicit volume mounts - without them, it fails on "stat /path: no such file or directory"
2. Even with explicit volume mounts, I still see volumes as owned by root.

I can't rule out some kind of mistake on my side (actually, probability of such is very high).

[rhatdan]

Sorry I fixed the path, probably should have waited for it to pass tests. :^(

[neVERberleRfellerER]

Now it works perfectly!

[neVERberleRfellerER]

Fixed by #2643 .
Thanks!