Fix ownership of the working dir

The working dir should be owned by the owner of the container.

Signed-off-by: Daniel J Walsh <[email protected]>

imagebuildah/stage_executor.go

@@ -1325,7 +1325,7 @@ func (s *StageExecutor) commit(ctx context.Context, createdBy string, emptyLayer
 	return imgID, ref, nil
 }
 
-func (s *StageExecutor) EnsureContainerPath(path string) error {
+func (s *StageExecutor) EnsureContainerPath(path, user string) error {
 	targetPath, err := securejoin.SecureJoin(s.mountPoint, path)
 	if err != nil {
 		return errors.Wrapf(err, "error ensuring container path %q", path)
@@ -1339,11 +1339,15 @@ func (s *StageExecutor) EnsureContainerPath(path string) error {
 		}
 		// get the uid and gid so that we can set the correct permissions on the
 		// working directory
-		uid, gid, _, err := chrootuser.GetUser(s.mountPoint, s.builder.User())
+		uid, gid, _, err := chrootuser.GetUser(s.mountPoint, user)
 		if err != nil {
 			return errors.Wrapf(err, "error getting uid and gid for user %q", s.builder.User())
 		}
-		if err = os.Chown(targetPath, int(uid), int(gid)); err != nil {
+		hostUID, hostGID, err := util.GetHostIDs(s.builder.IDMappingOptions.UIDMap, s.builder.IDMappingOptions.GIDMap, uid, gid)
+		if err != nil {
+			return err
+		}
+		if err = os.Chown(targetPath, int(hostUID), int(hostGID)); err != nil {
 			return errors.Wrapf(err, "error setting ownership on %q", targetPath)
 		}
 	}

tests/bud/user/Containerfile

@@ -0,0 +1,6 @@
+FROM alpine
+USER bin
+WORKDIR /home/workdir
+RUN ls -ld /home/workdir
+RUN touch file
+RUN ls -l /home/workdir/file