Browse code
Fixes permissions on volumes when dir in container is empty
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Brian Goff authored on 2014/04/10 10:50:46Showing 2 changed files
| ... | ... |
@@ -246,22 +246,22 @@ func createVolumes(container *Container) error {
|
| 246 | 246 |
if err := archive.CopyWithTar(rootVolPath, srcPath); err != nil {
|
| 247 | 247 |
return err |
| 248 | 248 |
} |
| 249 |
+ } |
|
| 250 |
+ } |
|
| 249 | 251 |
|
| 250 |
- var stat syscall.Stat_t |
|
| 251 |
- if err := syscall.Stat(rootVolPath, &stat); err != nil {
|
|
| 252 |
- return err |
|
| 253 |
- } |
|
| 254 |
- var srcStat syscall.Stat_t |
|
| 255 |
- if err := syscall.Stat(srcPath, &srcStat); err != nil {
|
|
| 256 |
- return err |
|
| 257 |
- } |
|
| 258 |
- // Change the source volume's ownership if it differs from the root |
|
| 259 |
- // files that were just copied |
|
| 260 |
- if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid {
|
|
| 261 |
- if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil {
|
|
| 262 |
- return err |
|
| 263 |
- } |
|
| 264 |
- } |
|
| 252 |
+ var stat syscall.Stat_t |
|
| 253 |
+ if err := syscall.Stat(rootVolPath, &stat); err != nil {
|
|
| 254 |
+ return err |
|
| 255 |
+ } |
|
| 256 |
+ var srcStat syscall.Stat_t |
|
| 257 |
+ if err := syscall.Stat(srcPath, &srcStat); err != nil {
|
|
| 258 |
+ return err |
|
| 259 |
+ } |
|
| 260 |
+ // Change the source volume's ownership if it differs from the root |
|
| 261 |
+ // files that were just copied |
|
| 262 |
+ if stat.Uid != srcStat.Uid || stat.Gid != srcStat.Gid {
|
|
| 263 |
+ if err := os.Chown(srcPath, int(stat.Uid), int(stat.Gid)); err != nil {
|
|
| 264 |
+ return err |
|
| 265 | 265 |
} |
| 266 | 266 |
} |
| 267 | 267 |
} |
| ... | ... |
@@ -407,7 +407,7 @@ func TestCopyVolumeUidGid(t *testing.T) {
|
| 407 | 407 |
defer r.Nuke() |
| 408 | 408 |
|
| 409 | 409 |
// Add directory not owned by root |
| 410 |
- container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test.txt && chown daemon.daemon /hello"}, t)
|
|
| 410 |
+ container1, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && touch /hello/test && chown daemon.daemon /hello"}, t)
|
|
| 411 | 411 |
defer r.Destroy(container1) |
| 412 | 412 |
|
| 413 | 413 |
if container1.State.IsRunning() {
|
| ... | ... |
@@ -432,6 +432,32 @@ func TestCopyVolumeUidGid(t *testing.T) {
|
| 432 | 432 |
if !strings.Contains(stdout1, "daemon daemon") {
|
| 433 | 433 |
t.Fatal("Container failed to transfer uid and gid to volume")
|
| 434 | 434 |
} |
| 435 |
+ |
|
| 436 |
+ container2, _, _ := mkContainer(r, []string{"_", "/bin/sh", "-c", "mkdir -p /hello && chown daemon.daemon /hello"}, t)
|
|
| 437 |
+ defer r.Destroy(container1) |
|
| 438 |
+ |
|
| 439 |
+ if container2.State.IsRunning() {
|
|
| 440 |
+ t.Errorf("Container shouldn't be running")
|
|
| 441 |
+ } |
|
| 442 |
+ if err := container2.Run(); err != nil {
|
|
| 443 |
+ t.Fatal(err) |
|
| 444 |
+ } |
|
| 445 |
+ if container2.State.IsRunning() {
|
|
| 446 |
+ t.Errorf("Container shouldn't be running")
|
|
| 447 |
+ } |
|
| 448 |
+ |
|
| 449 |
+ img2, err := r.Commit(container2, "", "", "unit test commited image", "", nil) |
|
| 450 |
+ if err != nil {
|
|
| 451 |
+ t.Error(err) |
|
| 452 |
+ } |
|
| 453 |
+ |
|
| 454 |
+ // Test that the uid and gid is copied from the image to the volume |
|
| 455 |
+ tmpDir2 := tempDir(t) |
|
| 456 |
+ defer os.RemoveAll(tmpDir2) |
|
| 457 |
+ stdout2, _ := runContainer(eng, r, []string{"-v", "/hello", img2.ID, "stat", "-c", "%U %G", "/hello"}, t)
|
|
| 458 |
+ if !strings.Contains(stdout2, "daemon daemon") {
|
|
| 459 |
+ t.Fatal("Container failed to transfer uid and gid to volume")
|
|
| 460 |
+ } |
|
| 435 | 461 |
} |
| 436 | 462 |
|
| 437 | 463 |
// Test for #1582 |