From f7e72bc86aff2ff986290f190309deceb7f22099 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Fri, 22 Mar 2019 12:15:26 +0100
Subject: [PATCH] volumes: push the chown logic to runtime_volume_linux.go

Signed-off-by: Giuseppe Scrivano
---
 libpod/options.go              | 22 ++++++++++++++++++++++
 libpod/runtime_ctr.go          |  5 +----
 libpod/runtime_volume_linux.go | 14 ++++++++++++--
 libpod/volume.go               |  2 ++
 4 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/libpod/options.go b/libpod/options.go
index 84c5413140..6bc1455539 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1274,6 +1274,28 @@ func WithVolumeName(name string) VolumeCreateOption {
 	}
 }
 
+// WithVolumeUID sets the uid of the owner.
+func WithVolumeUID(uid int) VolumeCreateOption {
+	return func(volume *Volume) error {
+		if volume.valid {
+			return ErrVolumeFinalized
+		}
+		volume.config.UID = uid
+		return nil
+	}
+}
+
+// WithVolumeGID sets the gid of the owner.
+func WithVolumeGID(gid int) VolumeCreateOption {
+	return func(volume *Volume) error {
+		if volume.valid {
+			return ErrVolumeFinalized
+		}
+		volume.config.GID = gid
+		return nil
+	}
+}
+
 // WithVolumeLabels sets the labels of the volume.
 func WithVolumeLabels(labels map[string]string) VolumeCreateOption {
 	return func(volume *Volume) error {
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 7c39d8ced2..17340f56dd 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
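Review bot: The doc comments on WithVolumeUID and WithVolumeGID say "sets the uid/gid of the owner" but not what is owned or when ownership is applied, which is what a caller choosing these options needs to know; the values end up in os.Chown on the volume directories in newVolume, so -1 keeps the current owner (os.Chown semantics) and any other negative value is not rejected here. Suggest `// WithVolumeUID sets the uid the volume's directories are chowned to when the volume is created; -1 leaves the uid unchanged.` and the matching sentence for WithVolumeGID.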
@@ -182,14 +182,11 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 		if vol.Source[0] != '/' && isNamedVolume(vol.Source) {
 			volInfo, err := r.state.Volume(vol.Source)
 			if err != nil {
-				newVol, err := r.newVolume(ctx, WithVolumeName(vol.Source), withSetCtrSpecific())
+				newVol, err := r.newVolume(ctx, WithVolumeName(vol.Source), withSetCtrSpecific(), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID()))
 				if err != nil {
 					return nil, errors.Wrapf(err, "error creating named volume %q", vol.Source)
 				}
 				ctr.config.Spec.Mounts[i].Source = newVol.MountPoint()
-				if err := os.Chown(ctr.config.Spec.Mounts[i].Source, ctr.RootUID(), ctr.RootGID()); err != nil {
-					return nil, errors.Wrapf(err, "cannot chown %q to %d:%d", ctr.config.Spec.Mounts[i].Source, ctr.RootUID(), ctr.RootGID())
-				}
 				if err := ctr.copyWithTarFromImage(ctr.config.Spec.Mounts[i].Destination, ctr.config.Spec.Mounts[i].Source); err != nil && !os.IsNotExist(err) {
 					return nil, errors.Wrapf(err, "failed to copy content into new volume mount %q", vol.Source)
 				}
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 5767a99e7b..db5c292422 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
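Review bot: The changed line `newVol, err := r.newVolume(...)` declares a fresh `err` inside the `if err != nil {` block, shadowing the lookup error from `r.state.Volume`; it happens to work because the next `if err != nil` reads the inner one, but it is exactly the shadowing pattern `go vet`/staticcheck flag and that silently drops results once the outer `err` is used later in the function. Since the line is being rewritten anyway, prefer `newVol, volErr := r.newVolume(ctx, WithVolumeName(vol.Source), withSetCtrSpecific(), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID()))` followed by `if volErr != nil {`. newContainer starts and ends outside this hunk, so whether the outer `err` is reused after this block is not visible here.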
@@ -51,10 +51,20 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption)
 	}
 
 	// Create the mountpoint of this volume
-	fullVolPath := filepath.Join(r.config.VolumePath, volume.config.Name, "_data")
-	if err := os.MkdirAll(fullVolPath, 0755); err != nil {
+	volPathRoot := filepath.Join(r.config.VolumePath, volume.config.Name)
+	if err := os.MkdirAll(volPathRoot, 0700); err != nil {
+		return nil, errors.Wrapf(err, "error creating volume directory %q", volPathRoot)
+	}
+	if err := os.Chown(volPathRoot, volume.config.UID, volume.config.GID); err != nil {
+		return nil, errors.Wrapf(err, "error chowning volume directory %q to %d:%d", volPathRoot, volume.config.UID, volume.config.GID)
+	}
+	fullVolPath := filepath.Join(volPathRoot, "_data")
+	if err := os.Mkdir(fullVolPath, 0755); err != nil {
 		return nil, errors.Wrapf(err, "error creating volume directory %q", fullVolPath)
 	}
+	if err := os.Chown(fullVolPath, volume.config.UID, volume.config.GID); err != nil {
+		return nil, errors.Wrapf(err, "error chowning volume directory %q to %d:%d", fullVolPath, volume.config.UID, volume.config.GID)
+	}
 	if err := LabelVolumePath(fullVolPath, true); err != nil {
 		return nil, err
 	}
diff --git a/libpod/volume.go b/libpod/volume.go
index 0c7618841a..0b37d44efe 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -21,6 +21,8 @@ type VolumeConfig struct {
 	Options       map[string]string `json:"options"`
 	Scope         string            `json:"scope"`
 	IsCtrSpecific bool              `json:"ctrSpecific"`
+	UID           int               `json:"uid"`
+	GID           int               `json:"gid"`
 }
 
 // Name retrieves the volume's name
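Review bot: The two new os.Chown calls and the new os.Mkdir of `_data` can all fail after `volPathRoot` exists, and none of those error paths remove it; because `_data` is now created with os.Mkdir instead of MkdirAll, a tree left behind by a failed chown of `_data` makes every later newVolume with the same name fail with EEXIST until someone cleans the directory by hand. Unless cleanup happens later in newVolume (the function continues outside the hunk), the created directory should be removed on failure, and for that to be safe `volPathRoot` itself should be created with os.Mkdir rather than MkdirAll: MkdirAll tolerates an existing directory, so the new code would chown a directory it did not create and a RemoveAll on the error path could delete pre-existing contents. Two related things to confirm: MkdirAll with 0700 now creates any missing parent, including r.config.VolumePath, with 0700 where the old call used 0755, and switching the root to os.Mkdir assumes VolumePath already exists here. The rewritten section would look like the following, with later failure paths in newVolume calling `fail` as well.
```go
	// Create the mountpoint of this volume. Use Mkdir, not MkdirAll, so an
	// existing directory (leftover from an earlier failure, or not ours at
	// all) is an error instead of being chowned and reused.
	volPathRoot := filepath.Join(r.config.VolumePath, volume.config.Name)
	if err := os.Mkdir(volPathRoot, 0700); err != nil {
		return nil, errors.Wrapf(err, "error creating volume directory %q", volPathRoot)
	}
	// From here on the directory exists; every failure must remove it so a
	// retry with the same name does not hit EEXIST on "_data".
	fail := func(err error) error {
		// Best effort: the original error is the one worth returning.
		_ = os.RemoveAll(volPathRoot)
		return err
	}
	if err := os.Chown(volPathRoot, volume.config.UID, volume.config.GID); err != nil {
		return nil, fail(errors.Wrapf(err, "error chowning volume directory %q to %d:%d", volPathRoot, volume.config.UID, volume.config.GID))
	}
	fullVolPath := filepath.Join(volPathRoot, "_data")
	if err := os.Mkdir(fullVolPath, 0755); err != nil {
		return nil, fail(errors.Wrapf(err, "error creating volume directory %q", fullVolPath))
	}
	if err := os.Chown(fullVolPath, volume.config.UID, volume.config.GID); err != nil {
		return nil, fail(errors.Wrapf(err, "error chowning volume directory %q to %d:%d", fullVolPath, volume.config.UID, volume.config.GID))
	}
	if err := LabelVolumePath(fullVolPath, true); err != nil {
		return nil, fail(err)
	}
	// … unchanged: rest of newVolume (its later error returns should also go through fail) …
```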
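Review bot: The new UID and GID fields carry no comment, and their zero value is significant: a VolumeConfig built without WithVolumeUID/WithVolumeGID, or decoded from JSON written before these fields existed, yields 0:0, which newVolume now passes to os.Chown on both volume directories. Suggest `// UID and GID are the owner applied to the volume's directories when it is created; the zero value (0:0) means root.` Whether a chown to 0:0 always succeeds for the process creating the volume (an unprivileged caller outside a user namespace would get EPERM) is not visible on this page and worth confirming.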