Merge pull request #4026 from rhatdan/copy

Fix default to pause in podman cp

cmd/podman/cp.go

@@ -14,6 +14,7 @@ import (
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/define"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
@@ -52,7 +53,7 @@ func init() {
 	cpCommand.Command = _cpCommand
 	flags := cpCommand.Flags()
 	flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.")
-	flags.BoolVar(&cpCommand.Pause, "pause", true, "Pause the container while copying")
+	flags.BoolVar(&cpCommand.Pause, "pause", copyPause(), "Pause the container while copying")
 	cpCommand.SetHelpTemplate(HelpTemplate())
 	cpCommand.SetUsageTemplate(UsageTemplate())
 }
@@ -480,3 +481,14 @@ func pathWithBindMountSource(m specs.Mount, path string) (string, error) {
 	}
 	return securejoin.SecureJoin(m.Source, strings.TrimPrefix(path, m.Destination))
 }
+
+func copyPause() bool {
+	if !remoteclient && rootless.IsRootless() {
+		cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
+		if !cgroupv2 {
+			logrus.Debugf("defaulting to pause==false on rootless cp in cgroupv1 systems")
+			return false
+		}
+	}
+	return true
+}

docs/podman-cp.1.md

@@ -65,7 +65,7 @@ Extract the tar file into the destination directory. If the destination director
 
 **--pause**
 
-Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *false*.
+Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *true*. On rootless containers with cgroups V1, defaults to false.
 
 ## ALTERNATIVES