chown: use ToHostOverflow when chowning

when chowning an image, fall back to the overflow ID when a UID or GID cannot be mapped to the target user namespace. This ensures the chown driver works similar to what we do with idmapped mounts when it is supported for overlay. It is needed for CRI-O to support user namespaces in Kubernetes since the Kubelet picks a static size for the user namespace and it might break some images using IDs outside the picked range. Signed-off-by: Giuseppe Scrivano <[email protected]>
containers · Apr 28, 2022 · 28c166f · 28c166f
1 parent ed447c3
commit 28c166f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/drivers/chown_unix.go b/drivers/chown_unix.go
@@ -76,7 +76,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
 			UID: uid,
 			GID: gid,
 		}
-		mappedPair, err := toHost.ToHost(pair)
+		mappedPair, err := toHost.ToHostOverflow(pair)
 		if err != nil {
 			return fmt.Errorf("error mapping container ID pair %#v for %q to host: %v", pair, path, err)
 		}