podman cp: ignore EPERMs in rootless mode #9630
Conversation
openshift-ci-robot
added
the
approved
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
19c97e7 to
0bad4f5
Compare
|
/lgtm |
openshift-ci-robot
added
the
do-not-merge/hold
|
*sigh ... the seccomp issues seem to still not be fixed |
|
Blocked on #9554 |
|
Added another to commit to fix the ownership issues reported in #9626 |
|
LGTM |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
LGTM once #9554 merges |
|
I have some more fixes in the pipeline :^) |
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
0fd8bdb to
02ff0f9
Compare
openshift-ci-robot
added
the
needs-rebase
|
/hold |
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
02ff0f9 to
0f23722
Compare
openshift-ci-robot
removed
the
needs-rebase
openshift-ci-robot
added
the
needs-rebase
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
0f23722 to
355e3a3
Compare
openshift-ci-robot
removed
the
needs-rebase
|
Vendoring |
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
355e3a3 to
0bc328c
Compare
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
Signed-off-by: Valentin Rothberg <[email protected]>
Ignore permission errors when copying from a rootless container. TTY devices inside rootless containers are owned by the host's root user which is "nobody" inside the container's user namespace rendering us unable to even read them. Enable the integration test which was temporarily disabled for rootless users. Signed-off-by: Valentin Rothberg <[email protected]>
Make sure the files are chowned to the host/container user, depending on where things are being copied to. Fixes: containers#9626 Signed-off-by: Valentin Rothberg <[email protected]>
Copy is full of perils. Some of them are the nuances when copying directories. Who would have thought that * cp dir foo * cp dir/ foo * cp dir/. foo are all supposed to yield the same result when foo does not exist. `podman cp` now supports all three notations, which required to massage the front-end code in `cmd/podman` a bit. The tests have been extended and partially rewritten to test container->host and host->container copy operations. Signed-off-by: Valentin Rothberg <[email protected]>
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
0bc328c to
0e38d91
Compare
|
@eriksjolund, the commits should fix the bugs you reported. Thank you again! @containers/podman-maintainers PTAL. Note that there are still some subtle differences between Docker and Podman. For instance, Docker does NOT allow to copy symlinks from the host that escape the path. For instance, |
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
0e38d91 to
cee76f4
Compare
When copying from a container, make sure to evaluate the symlinks correctly. Add tests copying a symlinked directory from a running and a non-running container to execute both path-resolution paths. Signed-off-by: Valentin Rothberg <[email protected]>
vrothberg
force-pushed
the
cp-rootless-eperms
branch
from
cee76f4 to
1f2f7e7
Compare
|
Merge me |
|
Merge me :) |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Ignore permission errors when copying from a rootless container.
TTY devices inside rootless containers are owned by the host's
root user which is "nobody" inside the container's user namespace
rendering us unable to even read them.
Enable the integration test which was temporarily disabled for rootless
users.
Signed-off-by: Valentin Rothberg [email protected]
Note: I broke out the vendor commit for buildah@master to make the fixes easier to backport if needed.
@containers/podman-maintainers @giuseppe PTAL