containers · openshift-merge-robot · Mar 4, 2021 · Mar 3, 2021 · Mar 4, 2021
diff --git a/buildah.go b/buildah.go
@@ -28,7 +28,7 @@ const (
 	Package = "buildah"
 	// Version for the Package.  Bump version in contrib/rpm/buildah.spec
 	// too.
-	Version = "1.19.6"
+	Version = "1.19.7"
 	// The value we use to identify what type of information, currently a
 	// serialized Builder structure, we are using as per-container state.
 	// This should only be changed when we make incompatible changes to

diff --git a/contrib/rpm/buildah.spec b/contrib/rpm/buildah.spec
@@ -26,7 +26,7 @@
 
 Name:           buildah
 # Bump version in buildah.go too
-Version:        1.19.6
+Version:        1.19.7
 Release:        1.git%{shortcommit}%{?dist}
 Summary:        A command line tool used to creating OCI Images
 License:        ASL 2.0
@@ -100,6 +100,9 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install.completions
 %{_datadir}/bash-completion/completions/*
 
 %changelog
+* Thu Mar 4, 2021 Dan Walsh <[email protected]> 1.19.7-1
+- Set upperdir permissions based on source
+
 * Thu Feb 18, 2021 Tom Sweeney <[email protected]> 1.19.6-1
 -  Bump c/containers/storage v1.24.6
 -  Don't fail copy to emptydir

diff --git a/pkg/overlay/overlay.go b/pkg/overlay/overlay.go
@@ -77,13 +77,11 @@ func mountHelper(contentDir, source, dest string, _, _ int, graphOptions []strin
 		// Read-write overlay mounts want a lower, upper and a work layer.
 		workDir := filepath.Join(contentDir, "work")
 		upperDir := filepath.Join(contentDir, "upper")
-		st, err := os.Stat(dest)
-		if err == nil {
-			if err := os.Chmod(upperDir, st.Mode()); err != nil {
-				return mount, err
-			}
+		st, err := os.Stat(source)
+		if err != nil {
+			return mount, err
 		}
-		if !os.IsNotExist(err) {
+		if err := os.Chmod(upperDir, st.Mode()); err != nil {
 			return mount, err
 		}
 		overlayOptions = fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s,private", source, upperDir, workDir)

diff --git a/tests/overlay.bats b/tests/overlay.bats
@@ -30,25 +30,21 @@ load helpers
   [ "$status" -ne 0 ]
 }
 
-@test "overlay dest permissions" {
+@test "overlay source permissions" {
   if test \! -e /usr/bin/fuse-overlayfs -a "$BUILDAH_ISOLATION" = "rootless"; then
     skip "BUILDAH_ISOLATION = $BUILDAH_ISOLATION" and no /usr/bin/fuse-overlayfs present
   elif test "$STORAGE_DRIVER" = "vfs"; then
     skip "skipping overlay test because \$STORAGE_DRIVER = $STORAGE_DRIVER"
   fi
   image=alpine
   mkdir ${TESTDIR}/lower
-  run_buildah from --quiet --quiet --signature-policy ${TESTSDIR}/policy.json $image
-  cid=$output
-  run_buildah run $cid sh -c 'ls -ld /tmp | cut -f1 -d" "'
-  permission=$output
-  run_buildah rm $cid
-
-  run_buildah from --quiet -v ${TESTDIR}/lower:/tmp:O --quiet --signature-policy ${TESTSDIR}/policy.json $image
+  chmod 770 ${TESTDIR}/lower
+  permissions=`ls -ld ${TESTDIR}/lower | cut -f1 -d" "`
+  run_buildah from --quiet -v ${TESTDIR}/lower:/tmp/test:O --quiet --signature-policy ${TESTSDIR}/policy.json $image
   cid=$output
 
   # This should succeed
-  run_buildah run $cid sh -c 'ls -ld /tmp | cut -f1 -d" "'
+  run_buildah run $cid sh -c 'ls -ld /tmp/test | cut -f1 -d" "'
   expect_output $permission
 
   # Create and remove content in the overlay directory, should succeed