Skip to content

runtime: do not chown idmapped volumes#16739

Merged
openshift-merge-robot merged 1 commit intocontainers:mainfrom
giuseppe:no-chown-idmap
Dec 5, 2022
Merged

runtime: do not chown idmapped volumes#16739
openshift-merge-robot merged 1 commit intocontainers:mainfrom
giuseppe:no-chown-idmap

Conversation

@giuseppe
Copy link
Copy Markdown
Member

@giuseppe giuseppe commented Dec 5, 2022

do not chown a volume when idmap is used.

Closes: #16724

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

Does this PR introduce a user-facing change?

Now volumes that use idmap are not chowned to the UID/GID of the root in the container

@giuseppe
runtime: do not chown idmapped volumes
a651cdf 
do not chown a volume when idmap is used.

Closes: containers#16724

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 5, 2022
@giuseppe giuseppe mentioned this pull request Dec 5, 2022
Closed
@M1cha
Copy link
Copy Markdown
Contributor

M1cha commented Dec 5, 2022

I didn't test this yet but what happens if you create the volume externally and it still has NeedsChown set to true because it was never used before?

Or even worse, what if you create it externally, have a container without the idmap flag chown it, and then use the same volume in a container with the idmap flag? It should probably show a warning since neither doing nothing nor chowning back to 0 sound like decisions that should be made implicitly.

@rhatdan
Copy link
Copy Markdown
Member

rhatdan commented Dec 5, 2022

LGTM

@mheon
Copy link
Copy Markdown
Member

mheon commented Dec 5, 2022

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 5, 2022
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Dec 5, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe, mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 41af424 into containers:main Dec 5, 2022
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 19, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@mheon mheon

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

wrong permissions on idmapped volumes

5 participants

@giuseppe @M1cha @rhatdan @mheon @openshift-merge-robot