1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Fixes permissions on volumes when dir in container is empty

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
This commit is contained in:
Brian Goff 2014-04-09 21:50:46 -04:00
parent d8332f433f
commit ff7b52abd3
2 changed files with 42 additions and 16 deletions

View file

@ -246,22 +246,22 @@ func createVolumes(container *Container) error {
if err := archive.CopyWithTar(rootVolPath, srcPath); err != nil {
return err
}
}
}
var stat syscall.Stat_t
if err := syscall.Stat(rootVolPath, &stat); err != nil {
return err
}
var srcStat syscall.Stat_t
if err := syscall.Stat(srcPath, &srcStat); err != nil {
return err
}
// Change the source volume's ownership if it differs from the root
// files that were just copied
if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid {
if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil {
return err
}
}
var stat syscall.Stat_t
if err := syscall.Stat(rootVolPath, &stat); err != nil {
return err
}
var srcStat syscall.Stat_t
if err := syscall.Stat(srcPath, &srcStat); err != nil {
return err
}
// Change the source volume's ownership if it differs from the root
// files that were just copied
if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid {
if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil {
return err
}
}
}

View file

@ -407,7 +407,7 @@ func TestCopyVolumeUidGid(t *testing.T) {
defer r.Nuke()
// Add directory not owned by root
container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test.txt && chown daemon.daemon /hello"}, t)
container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test && chown daemon.daemon /hello"}, t)
defer r.Destroy(container1)
if container1.State.IsRunning() {
@ -432,6 +432,32 @@ func TestCopyVolumeUidGid(t *testing.T) {
if !strings.Contains(stdout1, "daemon daemon") {
t.Fatal("Container failed to transfer uid and gid to volume")
}
container2, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && chown daemon.daemon /hello"}, t)
defer r.Destroy(container1)
if container2.State.IsRunning() {
t.Errorf("Container shouldn't be running")
}
if err := container2.Run(); err != nil {
t.Fatal(err)
}
if container2.State.IsRunning() {
t.Errorf("Container shouldn't be running")
}
img2, err := r.Commit(container2, "", "", "unit test commited image", "", nil)
if err != nil {
t.Error(err)
}
// Test that the uid and gid is copied from the image to the volume
tmpDir2 := tempDir(t)
defer os.RemoveAll(tmpDir2)
stdout2, _ := runContainer(eng, r, []string{"-v", "/hello", img2.ID, "stat", "-c", "%U %G", "/hello"}, t)
if !strings.Contains(stdout2, "daemon daemon") {
t.Fatal("Container failed to transfer uid and gid to volume")
}
}
// Test for #1582