make sure the workdir exists on container mount

[vrothberg]

A container's workdir can be specified via the CLI via --workdir and
via an image config with the CLI having precedence.

Since images have a tendency to specify workdirs without necessarily
shipping the paths with the root FS, make sure that Podman creates the
workdir. When specified via the CLI, do not create the path, but check
for its existence and return a human-friendly error.

Fixes: #9040
Signed-off-by: Valentin Rothberg [email protected]

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vrothberg]

@mheon PTAL

[vrothberg]

@edsantiago PTAL

[edsantiago]

LGTM, with one suggestion. I'm always trying to encourage people to piggyback on existing tests. Every second we save is valuable, and podman build takes a long long time.

[edsantiago]

Thinking back... wasn't there a good reason why podman decided not to implicitly create workdirs? @mheon @rhatdan @baude ?

[mheon]

I'm a little reluctant here - @giuseppe made this change in crun with the intention that user-specified workdirs that do not exist would cause errors.

[mheon]

@edsantiago Logic was to catch user error - a workdir not specified by the image, that does not exist, is probably a typo.

[edsantiago]

Thanks @mheon. I remember that now.

Whichever way we go, we need to embed that decision in the code. If we go this route, please document it. If we reject this PR, I will add a system test that explicitly checks for failure and explains the reason in a test comment.

[vrothberg]

Notes from the meeting: Consensus was on only creating the workdir if specified by the image. When specified by the user, Podman should error out if it does not exist.

[vrothberg]

Updated. PTanotherL

[vrothberg]

Integration failure looks legit. I will have a look tomorrow morning.

[giuseppe]

how would it work with volumes?

if we have something like podman run -v /foo:/foo -w /foo/bar ... the working dir must be looked up in the volume mount

[vrothberg]

Very good point.

To make this work, we can reuse the copy code in pkg/domain/infra/abi/containers_stat.go and move it into libpod. But I think that should be a separate PR.

@mheon WDYT?

[vrothberg]

Actually, we need to tackle this now to make system tests happy.

[mheon]

Would your intention be to replace the copy-up code wholesale, or just move the bit that determines where the path in a container lives?

[vrothberg]

Just the latter.

[rhatdan]

Just out of curiosity, could you try this with a --read-only container?

[vrothberg]

Just out of curiosity, could you try this with a --read-only container?

# With --workdir
podman (fix-9040) $ ./bin/podman run  --rm --workdir=/foo/bar --read-only alpine pwd
Error: workdir "/foo/bar" does not exist on container a94d26e8b4fe7d29ca49395b4c9ff0edcdfa25010257642f749530b92d9a4e4d

# With workdir from the image
podman (fix-9040) $ ./bin/podman run  --rm --read-only test pwd
/i/do/not/exist

[rhatdan]

Excellent.

[vrothberg]

Merge me :) (assuming I am pleasing)

[mheon]

This should do the standard lock + sync if it's a public function

[vrothberg]

It's safe to use concurrently/

[vrothberg]

Or shall I lock and then mount and unmount?

[mheon]

My concern isn't really concurrency so much as removed containers - we could have the container removed out from under us midway through this, between Mount and Unmount, for example. Preference would be lock then mount() / unmount()

[mheon]

Although, looking at it more, I think a lot of the logic in Unmount() isn't duplicated in unmount()... I don't think it can be safely moved in there, either (we have two cases for unmounting - cases like this, where an external user wants to access the container's root filesystem - the code in Unmount() works there - and cases where Libpod wants to stop the container - the code in Unmount works there).

@vrothberg What would you think about making ResolvePath() be contingent on the container already being mounted? It seems like it would simplify the code, and potentially make things a bit more performant (we wouldn't need to call Mount more than once in the Copy code).

[vrothberg]

@mheon sounds good to me. One early version of the change was exactly like that but I preferred to play it safe. I'll go as suggested and repush.

[vrothberg]

Ready to go

[vrothberg]

Marking as backport for 3.0. Please raise your voice in case you have concerns.

[rhatdan]

I want @mheon to approve and merge.

[giuseppe]

to check for a bind mount, we'd need to look for bind or rbind in the options, the type is ignored by the runtime

[mheon]

I think we require that Type also be set for Libpod - at the very least, all of our existing code is guaranteed to do so.

[vrothberg]

Currently, i's detecting correctly when using --mount=type=bind etc. It's pretty the code from cp.

If there's something missing, let's fix that in a separate PR.

[mheon]

/lgtm

[mheon]

/hold

[mheon]

Oops, I think I was the only LGTM... Need one more to merge