Ensure WORKDIR from images is created #7176
Conversation
openshift-ci-robot
added
the
approved
|
@giuseppe PTAL |
|
(This PR also includes a large swath of comment updates to fields in Container, because the lack of descriptiveness annoyed me) |
| if len(newEntry) > 0 { | ||
| options = append(options, libpod.WithCreateWorkingDir()) | ||
| } |
There was a problem hiding this comment.
shouldn't we look at img.WorkingDir(...)? Why does it depend on the entrypoint?
|
Does the owner of the WORKDIR depend on the user of the image or the root of the image? Is work dir supposed to be owned by dwalsh, or by root? |
|
In Docker, it's always owned by root. |
A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <[email protected]>
|
LGTM |
|
/lgtm |
openshift-ci-robot
added
the
do-not-merge/hold
openshift-ci-robot
added
lgtm
|
Image in the E2E test from a |
Signed-off-by: Matthew Heon <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
The problem appears to be with remote - all the tests that build images are SkipIfRemote. I made this one SkipIfRemote as well. |
|
LGTM |
|
/lgtm |
openshift-ci-robot
added
lgtm
|
We merged a rather exotic commit message (going through commits atm) |
|
Yeah, that one was my fault... I made a debug commit to figure out why the tests were failing, and when I fixed it I did a The good news is that the actual things that should not be merged were wiped out by that |
github-actions
bot
added
the
locked - please file new issue/PR
A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used.
This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user.