Skip to content

Commit

Permalink
fix logic when not creating a workdir
Browse files Browse the repository at this point in the history
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line.  Otherwise, we just do a
presence check.  Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir.  That
caused a regression when running on a read-only root fs.

Fixes: containers#9230
Signed-off-by: Valentin Rothberg <[email protected]>
  • Loading branch information
vrothberg authored and mheon committed Feb 5, 2021
1 parent 9cf6b7f commit 353c3b0
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
1 change: 1 addition & 0 deletions libpod/container_internal_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,7 @@ func (c *Container) resolveWorkDir() error {
// we need to return the full error.
return errors.Wrapf(err, "error detecting workdir %q on container %s", workdir, c.ID())
}
return nil
}

// Ensure container entrypoint is created (if required).
Expand Down
13 changes: 13 additions & 0 deletions test/system/030-run.bats
Original file line number Diff line number Diff line change
Expand Up @@ -608,6 +608,19 @@ json-file | f
# a subdir of a volume.
run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo $IMAGE cat foo
is "$output" "$randomcontent" "cat random content"

# Make sure that running on a read-only rootfs works (#9230).
if ! is_rootless && ! is_remote; then
# image mount is hard to test as a rootless user
# and does not work remotely
run_podman image mount $IMAGE
romount="$output"

run_podman run --rm --rootfs $romount echo "Hello world"
is "$output" "Hello world"

run_podman image unmount $IMAGE
fi
}

# vim: filetype=sh

0 comments on commit 353c3b0

Please sign in to comment.