diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go index 661d0a5303..7205f93576 100644 --- a/cmd/podman/cp.go +++ b/cmd/podman/cp.go @@ -14,6 +14,7 @@ import ( "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" @@ -52,7 +53,7 @@ func init() { cpCommand.Command = _cpCommand flags := cpCommand.Flags() flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.") - flags.BoolVar(&cpCommand.Pause, "pause", true, "Pause the container while copying") + flags.BoolVar(&cpCommand.Pause, "pause", copyPause(), "Pause the container while copying") cpCommand.SetHelpTemplate(HelpTemplate()) cpCommand.SetUsageTemplate(UsageTemplate()) } @@ -480,3 +481,14 @@ func pathWithBindMountSource(m specs.Mount, path string) (string, error) { } return securejoin.SecureJoin(m.Source, strings.TrimPrefix(path, m.Destination)) } + +func copyPause() bool { + if !remoteclient && rootless.IsRootless() { + cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() + if !cgroupv2 { + logrus.Debugf("defaulting to pause==false on rootless cp in cgroupv1 systems") + return false + } + } + return true +} diff --git a/docs/podman-cp.1.md b/docs/podman-cp.1.md index e3d992b558..736bdb12a4 100644 --- a/docs/podman-cp.1.md +++ b/docs/podman-cp.1.md @@ -65,7 +65,7 @@ Extract the tar file into the destination directory. If the destination director **--pause** -Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *false*. +Pause the container while copying into it to avoid potential security issues around symlinks. Defaults to *true*. On rootless containers with cgroups V1, defaults to false. ## ALTERNATIVES