From 7d68362cf58a37e0f1a3e4e119a589ad307dd40a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 3 Apr 2024 11:02:06 +0200
Subject: [PATCH 1/2] test: do not skip tests under rootless

there are no overlay mounts in the "podman run with --volume and U flag" tests so no need to skip them.

Signed-off-by: Giuseppe Scrivano
---
 test/e2e/run_volume_test.go | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 4e777d62ef..e5e8c79b3a 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -740,15 +740,6 @@ VOLUME /test/`, ALPINE)
 Skip("cannot find mappings for the current user")
 }

- if os.Getenv("container") != "" {
- Skip("Overlay mounts not supported when running in a container")
- }
- if isRootless() {
- if _, err := exec.LookPath("fuse_overlay"); err != nil {
- Skip("Fuse-Overlayfs required for rootless overlay mount test")
- }
- }
-
 mountPath := filepath.Join(podmanTest.TempDir, "secrets")
 err = os.Mkdir(mountPath, 0755)
 Expect(err).ToNot(HaveOccurred())
From 519a66c6a95bfffc7d517e3eefcbd63f648fc5b8 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 3 Apr 2024 11:03:02 +0200
Subject: [PATCH 2/2] container: do not chown to dest target with U

if the 'U' option is provided, do not chown the destination target to the existing target in the image.

Closes: https://github.com/containers/podman/issues/22224
Signed-off-by: Giuseppe Scrivano
---
 libpod/container_internal_common.go | 7 ++++++-
 test/e2e/run_volume_test.go | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 07627abd1e..3ce372313e 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2882,8 +2882,13 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error {
 return err
 }

- // Make sure the new volume matches the permissions of the target directory.
+ // Make sure the new volume matches the permissions of the target directory unless 'U' is
+ // provided (since the volume was already chowned in this case).
 // https://github.com/containers/podman/issues/10188
+ if slices.Contains(v.Options, "U") {
+ return nil
+ }
+
 st, err := os.Lstat(filepath.Join(c.state.Mountpoint, v.Dest))
 if err == nil {
 if stat, ok := st.Sys().(*syscall.Stat_t); ok {
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index e5e8c79b3a..8d17f4af63 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -750,6 +750,12 @@ VOLUME /test/`, ALPINE)
 Expect(session).Should(ExitCleanly())
 Expect(session.OutputToString()).To(ContainSubstring("888:888"))

+ // test with an existing directory in the image
+ session = podmanTest.Podman([]string{"run", "--rm", "--user", "881:882", "-v", "NAMED-VOLUME:/mnt:U", ALPINE, "stat", "-c", "%u:%g", "/mnt"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(ExitCleanly())
+ Expect(session.OutputToString()).To(ContainSubstring("881:882"))
+
 session = podmanTest.Podman([]string{"run", "--rm", "--user", "888:888", "--userns", "auto", "-v", vol, ALPINE, "stat", "-c", "%u:%g", dest})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
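Review bot: The added `return nil` in fixVolumePermissions leaves the function altogether, so with `U` everything after the `os.Lstat` call is skipped, not only the ownership change. The rest of that block lies outside the hunk; if it also copies the target directory's mode bits onto the volume, a `U` volume now keeps its creation mode even when the image directory is more restrictive, which the commit message ("do not chown") does not mention. If only the chown is meant to be skipped, keep the stat and guard the ownership step with the same `slices.Contains(v.Options, "U")` check; if skipping the mode is intended, say so in the comment, e.g. `// With 'U' neither the owner nor the mode of the target directory is applied.` The existing link to issue 10188 now sits directly above the new check, so a reference to issue 22224 next to it would keep the two cases apart.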
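Review bot: The added case in run_volume_test.go asserts with `ContainSubstring("881:882")`, which would also accept output such as `1881:882`; since `stat -c %u:%g` prints a single value, `Expect(session.OutputToString()).To(Equal("881:882"))` pins the ownership exactly. The neighbouring assertions use the same matcher, so this is a tightening rather than a regression. The run also creates the named volume `NAMED-VOLUME` implicitly, and `--rm` removes only anonymous volumes, so the case appears to rely on the suite's teardown to remove it; a one-line comment such as `// NAMED-VOLUME is left for the per-test cleanup` would make that explicit. The enclosing test body starts and ends outside the hunk.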