Merge pull request #23476 from giuseppe/idmap-volume-copyup

libpod: fix volume copyup with idmap
containers · Aug 2, 2024 · 9333822 · 9333822
2 parents dfab16e + 3ae1568
commit 9333822
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1922,13 +1922,20 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 			getOptions := copier.GetOptions{
 				KeepDirectoryNames: false,
 			}
+			// If the volume is idmapped, we need to "undo" the idmapping
+			if slices.Contains(v.Options, "idmap") {
+				getOptions.UIDMap = c.config.IDMappings.UIDMap
+				getOptions.GIDMap = c.config.IDMappings.GIDMap
+			}
 			errChan <- copier.Get(srcDir, "", getOptions, []string{"/."}, writer)
 		}()
 
 		// Copy, volume side: stream what we've written to the pipe, into
 		// the volume.
 		copyOpts := copier.PutOptions{}
 		if err := copier.Put(volMount, "", copyOpts, reader); err != nil {
+			// consume the reader otherwise the goroutine will block
+			_, _ = io.Copy(io.Discard, reader)
 			err2 := <-errChan
 			if err2 != nil {
 				logrus.Errorf("Streaming contents of container %s directory for volume copy-up: %v", c.ID(), err2)

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
@@ -1232,7 +1232,7 @@ EOF
     fi
 }
 
-@test "podman run - rootfs with idmapped mounts" {
+@test "podman run - idmapped mounts" {
     skip_if_rootless "idmapped mounts work only with root for now"
 
     skip_if_remote "userns=auto is set on the server"
@@ -1280,6 +1280,12 @@ EOF
     is "$output" "0:0"
     run_podman volume rm $myvolume
 
+    # verify that copyup with an idmap volume maintains the original ownership
+    myvolume=my-volume-$(safename)
+    run_podman run --rm --uidmap=0:1000:10000 -v $myvolume:/etc:idmap $IMAGE stat -c %u:%g /etc/passwd
+    is "$output" "0:0"
+    run_podman volume rm $myvolume
+
     rm -rf $romount
 }