Mapped directory ownership issue #11412

Closed
fishy opened this issue Sep 2, 2021 · 4 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

fishy commented Sep 2, 2021

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When using podman run -v --user, the owner of the files in the mapped directory is root instead of the current user.

Steps to reproduce the issue:

$ ls -l
total 20
-rw-r--r-- 1 fishy fishy 8232 Sep  2 09:06 baseplate.thrift
drwxr-xr-x 3 fishy fishy 4096 Sep  1 09:42 gen-go
drwxr-xr-x 2 fishy fishy 4096 Jul 21 11:16 limitopen

$ docker run -v ${PWD}:/data/ --user "$(id -u):$(id -g)" -it --entrypoint=/bin/bash ghcr.io/reddit/thrift-compiler:0.14.2
groups: cannot find name for group ID 1000
I have no name!@8de5c8d5bb33:/data$ whoami
whoami: cannot find name for user ID 1000
I have no name!@8de5c8d5bb33:/data$ ls -l
total 20
-rw-r--r-- 1 1000 1000 8232 Sep  2 16:06 baseplate.thrift
drwxr-xr-x 3 1000 1000 4096 Sep  1 16:42 gen-go
drwxr-xr-x 2 1000 1000 4096 Jul 21 18:16 limitopen

$ podman run -v ${PWD}:/data/ --user "$(id -u):$(id -g)" -it --entrypoint=/bin/bash ghcr.io/reddit/thrift-compiler:0.14.2
1000@e4b71aec7c5d:~$ whoami
1000
1000@e4b71aec7c5d:~$ ls -l
total 20
-rw-r--r-- 1 root root 8232 Sep  2 16:06 baseplate.thrift
drwxr-xr-x 3 root root 4096 Sep  1 16:42 gen-go
drwxr-xr-x 2 root root 4096 Jul 21 18:16 limitopen

Describe the results you received:

The files under the mapped /data/ are owned by root:root

Describe the results you expected:

The files under the mapped /data/ should be owned by 1000:1000

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

$ podman version
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.15.9
Built:        Wed Dec 31 16:00:00 1969
OS/Arch:      linux/amd64

Output of podman info --debug:

$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.19.6
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 12
  distribution:
    distribution: debian
    version: unknown
  eventLogger: journald
  hostname: perch
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.0-8-amd64
  linkmode: dynamic
  memFree: 7660191744
  memTotal: 16379564032
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version 0.17
      commit: 0e9229ae34caaebcb86f1fde18de3acaf18c6d9a
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.6.1
  swapFree: 14884532224
  swapTotal: 16773017600
  uptime: 250h 21m 3.57s (Approximately 10.42 days)
registries: {}
store:
  configFile: /home/fishy/.config/containers/storage.conf
  containerStore:
    number: 14
    paused: 0
    running: 0
    stopped: 14
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: 'fuse-overlayfs: /usr/bin/fuse-overlayfs'
      Version: |-
        fusermount3 version: 3.10.4
        fuse-overlayfs: version 1.4
        FUSE library version 3.10.4
        using FUSE kernel interface version 7.31
  graphRoot: /home/fishy/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/fishy/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 0
  BuiltTime: Wed Dec 31 16:00:00 1969
  GitCommit: ""
  GoVersion: go1.15.9
  OsArch: linux/amd64
  Version: 3.0.1

Package info (e.g. output of rpm -q podman or apt list podman):

$ apt list podman
Listing... Done
podman/testing,now 3.0.1+dfsg1-3+b2 amd64 [installed]
podman/testing 3.0.1+dfsg1-3+b2 i386

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

No

Additional environment details (AWS, VirtualBox, physical, etc.):

@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 2, 2021
Member

mheon commented Sep 3, 2021

Please try a more recent Podman version - I recall from the release notes that this is fixed in 3.3.x.

@mheon mheon closed this as completed Sep 3, 2021
Member

rhatdan commented Sep 7, 2021

Yes, this should be fixed in current Podman.

Author

fishy commented Sep 9, 2021

After I upgraded to podman 3.3.1 (through debian) I'm getting this error instead:

$ podman run -v ${PWD}:/data/ --user "$(id -u):$(id -g)" -it --entrypoint=/bin/bash ghcr.io/reddit/thrift-compiler:0.14.2
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files to resolve 
Error: vfs driver does not support overlay.mount_program options

I found #7396 but I don't have a ~/.config/containers/ directory. I did find ~/.cache/containers/ but the error persists after I deleted the cache.

podman info --debug or podman version gives the same error:

$ podman info --debug
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files to resolve 
Error: vfs driver does not support overlay.mount_program options
$ podman version
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files to resolve 
Error: vfs driver does not support overlay.mount_program options
$ podman --version
podman version 3.3.1
$ apt list podman
Listing... Done
podman/testing,now 3.3.1+ds2-1 amd64 [installed]
podman/testing 3.3.1+ds2-1 i386

Author

fishy commented Sep 10, 2021

OK, I resolved the "delete libpod local files to resolve" issue, but the owner of the mapped directory is still incorrect:

$ podman run -v ${PWD}:/data/ --user "$(id -u):$(id -g)" -it --entrypoint=/bin/bash ghcr.io/reddit/thrift-compiler:0.14.2
1000@5469baf036a5:~$ ls -l
total 20
-rw-r--r-- 1 root root 8232 Sep 10 06:00 baseplate.thrift
drwxr-xr-x 3 root root 4096 Sep  2 16:55 gen-go
drwxr-xr-x 2 root root 4096 Sep  9 19:04 limitopen
1000@5469baf036a5:~$ whoami
1000
$ podman version
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.7
Built:        Wed Dec 31 16:00:00 1969
OS/Arch:      linux/amd64

$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 12
  distribution:
    distribution: debian
    version: unknown
  eventLogger: journald
  hostname: perch
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.0-8-amd64
  linkmode: dynamic
  memFree: 9127297024
  memTotal: 16379572224
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version 0.17
      commit: 0e9229ae34caaebcb86f1fde18de3acaf18c6d9a
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.6.1
  swapFree: 14738276352
  swapTotal: 16773017600
  uptime: 81h 2m 10.41s (Approximately 3.38 days)
registries: {}
store:
  configFile: /home/fishy/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: 'fuse-overlayfs: /usr/bin/fuse-overlayfs'
      Version: |-
        fusermount3 version: 3.10.4
        fuse-overlayfs: version 1.7.1
        FUSE library version 3.10.4
        using FUSE kernel interface version 7.31
  graphRoot: /home/fishy/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  volumePath: /home/fishy/.local/share/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 0
  BuiltTime: Wed Dec 31 16:00:00 1969
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.3.1
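
Added example, not part of the issue thread or of Podman's code: a small translator for the rootless user-namespace mapping reported under idMappings in the podman info --debug output above, showing how the IDs in the ls -l listings relate to host IDs. The function names and the overflow ID constant (the kernel's default of 65534) are assumptions of this example; the mapping rows are copied from the issue.

```python
# Added example: translate IDs through the rootless user-namespace mapping
# shown under idMappings in the issue's `podman info --debug` output.

OVERFLOW_ID = 65534  # assumption: kernel default shown for unmapped host IDs

# (container_id, host_id, size) rows copied from the issue's uidmap/gidmap.
ID_MAP = [
    (0, 1000, 1),
    (1, 100000, 65536),
]


def host_to_container(host_id, id_map=ID_MAP):
    """Return the ID a host-owned file shows inside the namespace."""
    for container_start, host_start, size in id_map:
        if host_start <= host_id < host_start + size:
            return container_start + (host_id - host_start)
    return None  # unmapped: the kernel reports the overflow ID instead


def container_to_host(container_id, id_map=ID_MAP):
    """Return the host ID a container process really runs as."""
    for container_start, host_start, size in id_map:
        if container_start <= container_id < container_start + size:
            return host_start + (container_id - container_start)
    return None  # this ID cannot exist inside the namespace


def explain(host_owner, container_user):
    """Describe how a bind-mounted file looks to a given container user."""
    seen_as = host_to_container(host_owner)
    runs_as = container_to_host(container_user)
    return {
        "file_owner_in_container": OVERFLOW_ID if seen_as is None else seen_as,
        "process_host_id": runs_as,
        "process_owns_file": runs_as == host_owner,
    }


if __name__ == "__main__":
    # Host user 1000 owns the files; the container is started with --user 1000.
    print(explain(host_owner=1000, container_user=1000))
    # Host root (0) is not in the map, so its files show the overflow ID.
    print(explain(host_owner=0, container_user=0))
```

With this mapping, files owned by host UID 1000 are listed as UID 0 (root) inside the container, while a process started with --user 1000 runs as subordinate host UID 100999 and does not own them.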

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023