From 191cefbaca45ba86341379d09d2f75d5fc1868fb Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 8 Dec 2015 14:28:28 -0500 Subject: [PATCH] Fix overlay and user namespace permissions All underlay dirs need proper remapped ownership. This bug was masked by the fact that the setupInitLayer code was chown'ing the dirs at startup time. Since that bug is now fixed, it revealed this permissions issue. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- daemon/graphdriver/overlay/overlay.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go index 885d55a268..211adeec8a 100644 --- a/daemon/graphdriver/overlay/overlay.go +++ b/daemon/graphdriver/overlay/overlay.go @@ -270,10 +270,10 @@ func (d *Driver) Create(id, parent, mountLabel string) (retErr error) { parentRoot := path.Join(parentDir, "root") if s, err := os.Lstat(parentRoot); err == nil { - if err := os.Mkdir(path.Join(dir, "upper"), s.Mode()); err != nil { + if err := idtools.MkdirAs(path.Join(dir, "upper"), s.Mode(), rootUID, rootGID); err != nil { return err } - if err := os.Mkdir(path.Join(dir, "work"), 0700); err != nil { + if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil { return err } if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil { @@ -303,10 +303,10 @@ func (d *Driver) Create(id, parent, mountLabel string) (retErr error) { } upperDir := path.Join(dir, "upper") - if err := os.Mkdir(upperDir, s.Mode()); err != nil { + if err := idtools.MkdirAs(upperDir, s.Mode(), rootUID, rootGID); err != nil { return err } - if err := os.Mkdir(path.Join(dir, "work"), 0700); err != nil { + if err := idtools.MkdirAs(path.Join(dir, "work"), 0700, rootUID, rootGID); err != nil { return err } if err := idtools.MkdirAs(path.Join(dir, "merged"), 0700, rootUID, rootGID); err != nil {