containers / krunvm

Create microVMs from OCI images
Apache License 2.0

symlinks are owned by UID who started the VM, not user in the vm #31

Closed stephenjudkins closed 2 years ago

stephenjudkins commented 2 years ago

Some context, using macOS 12.4 (21F79):

stephen@boris-godunov ~ % uname -a
Darwin boris-godunov 21.5.0 Darwin Kernel Version 21.5.0: Tue Apr 26 21:08:37 PDT 2022; root:xnu-8020.121.3~4/RELEASE_ARM64_T6000 arm64
stephen@boris-godunov ~ % krunvm --version
krunvm 0.2.1
stephen@boris-godunov ~ % id
uid=501(stephen) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),701(com.apple.sharepoint.group.1),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

To reproduce:

stephen@boris-godunov ~ % krunvm create --name test ubuntu:latest
microVM created with name: test
stephen@boris-godunov ~ % krunvm start test
root@test:/# mkdir test
root@test:/# cd test
root@test:/test# touch foo
root@test:/test# ls -lh
total 0
-rw-r--r-- 1 root root 0 Aug 10 22:47 foo
root@test:/test# ln -s foo bar
root@test:/test# ls -lh
total 0
lrwxrwxrwx 1  501 dialout 3 Aug 10 22:47 bar -> foo
-rw-r--r-- 1 root root    0 Aug 10 22:47 foo
root@test:/test# stat bar
  File: bar -> foo
  Size: 3           Blocks: 0          IO Block: 4096   symbolic link
Device: 15h/21d Inode: 1814521     Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (  501/ UNKNOWN)   Gid: (   20/ dialout)
Access: 2022-08-10 22:47:49.795944806 +0000
Modify: 2022-08-10 22:47:49.795944806 +0000
Change: 2022-08-10 22:47:49.795944806 +0000
 Birth: 

Expected: a symlink created with ln -s should have user/group root/root. Actual: the symlink has uid/gid 501/20, same as the macOS user who started the krunvm vm.

stephenjudkins commented 2 years ago

I found where these files live in the macOS host filesystem, and FWIW the xattrs to store container uid/gid seem correct on the symlink:

stephen@boris-godunov test % ls -lh                                                                  
total 0
lrwxrwxrwx  1 stephen  staff     3B Aug 10 15:45 bar -> foo
-rw-------@ 1 stephen  staff     0B Aug 10 15:45 foo
stephen@boris-godunov test % xattr -p user.containers.override_stat bar
0:0:0100644
stephen@boris-godunov test % xattr -p user.containers.override_stat foo
0:0:0100644

So whatever's wrong, I suspect it's in the "read path", if that makes sense.
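
An added example (not part of the thread and not libkrun's code): a small Python check that parses the `user.containers.override_stat` values printed above and flags entries whose stored file type disagrees with the entry's on-disk type on the host. The `uid:gid:octal-mode` layout is inferred from the sample value `0:0:0100644`; the function names and the sample tuples are constructed for illustration.

```python
import stat
from typing import List, NamedTuple

XATTR_NAME = "user.containers.override_stat"  # attribute name as shown in the issue
TYPE_NAMES = {stat.S_IFREG: "regular file", stat.S_IFLNK: "symlink",
              stat.S_IFDIR: "directory"}


class OverrideStat(NamedTuple):
    uid: int
    gid: int
    mode: int  # full st_mode: file-type bits plus permission bits


def parse_override_stat(value: str) -> OverrideStat:
    """Parse 'uid:gid:mode' with mode in octal (layout assumed from the sample)."""
    parts = value.strip().split(":")
    if len(parts) != 3:
        raise ValueError(f"expected uid:gid:mode, got {value!r}")
    uid, gid, mode = int(parts[0]), int(parts[1]), int(parts[2], 8)
    if uid < 0 or gid < 0:
        raise ValueError(f"negative id in {value!r}")
    return OverrideStat(uid, gid, mode)


def audit_entry(name: str, host_lstat_mode: int, xattr_value: str) -> List[str]:
    """Compare the stored override with the host's lstat() file type."""
    ov = parse_override_stat(xattr_value)
    stored = stat.S_IFMT(ov.mode)
    on_disk = stat.S_IFMT(host_lstat_mode)
    if stored == on_disk:
        return []
    # On macOS, `xattr` follows symlinks unless -s is passed, so a value read
    # "from" a link can really be the target's value; a type mismatch shows that.
    return [f"{name}: {XATTR_NAME} describes a "
            f"{TYPE_NAMES.get(stored, oct(stored))} but the host entry is a "
            f"{TYPE_NAMES.get(on_disk, oct(on_disk))}"]


# Constructed sample mirroring the host listing in the comment above:
# (name, host lstat mode, xattr value as printed)
SAMPLE = [
    ("foo", stat.S_IFREG | 0o600, "0:0:0100644"),
    ("bar", stat.S_IFLNK | 0o777, "0:0:0100644"),
]

if __name__ == "__main__":
    for name, mode, value in SAMPLE:
        print(name, parse_override_stat(value), audit_entry(name, mode, value))
```
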

slp commented 2 years ago

Thanks for the report. This will be fixed by https://github.com/containers/libkrun/pull/68

slp commented 2 years ago

Fixed in libkrun-1.4.1, which is already available in the Homebrew repo.

stephenjudkins commented 2 years ago

Thanks for the fix. Greatly appreciate it.