Closed leoluk closed 3 years ago
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Volumes mounted as overlayfs are always mounted as root, regardless of uid mapping.
Steps to reproduce the issue:
podman run --rm -v ~/.config:/config:O --security-opt=label=user:unconfined_u --userns=keep-id fedora:33 ls -lisa /
Describe the results you received:
5997247 4 drwx------. 69 root root 4096 Apr 6 11:02 config
Describe the results you expected:
4194313 4 drwx------. 69 leopold leopold 4096 Apr 6 09:31 config
When mounting the volume as ro instead of O, the permissions are as expected.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
(plain Fedora 33 defaults)
~ $ podman version
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.15.8
Built:        Fri Feb 19 17:56:17 2021
OS/Arch:      linux/amd64
Output of podman info --debug:
~ $ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.19.4
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.26-1.fc33.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: 777074ecdb5e883b9bec233f3630c5e7fa37d521'
  cpus: 24
  distribution:
    distribution: fedora
    version: "33"
  eventLogger: journald
  hostname: leowork
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.12-200.fc33.x86_64
  linkmode: dynamic
  memFree: 2308755456
  memTotal: 67360276480
  ociRuntime:
    name: crun
    package: crun-0.18-5.fc33.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.18
      commit: 808420efe3dc2b44d6db9f1a3fac8361dde42a95
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc33.x86_64
    version: |-
      slirp4netns version 1.1.9
      commit: 4e37ea557562e0d7a64dc636eff156f64927335e
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 2358222848
  swapTotal: 4294963200
  uptime: 1408h 22m 16.27s (Approximately 58.67 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/leopold/.config/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 0
    stopped: 4
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.4.0-1.fc33.x86_64
      Version: |-
        fusermount3 version: 3.9.3
        fuse-overlayfs: version 1.4
        FUSE library version 3.9.3
        using FUSE kernel interface version 7.31
  graphRoot: /home/leopold/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 30
  runRoot: /run/user/1000
  volumePath: /home/leopold/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1613753777
  BuiltTime: Fri Feb 19 17:56:17 2021
  GitCommit: ""
  GoVersion: go1.15.8
  OsArch: linux/amd64
  Version: 3.0.1
Package info (e.g. output of rpm -q podman or apt list podman):
podman-3.0.1-1.fc33.x86_64
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
No, only tested with the latest version in Fedora. 3.1.0 does not appear to be packaged yet.
Additional environment details (AWS, VirtualBox, physical, etc.):
A friendly reminder that this issue had no activity for 30 days.