podman cp creates files in container only as root user #9626

Closed
awerlang opened this issue Mar 5, 2021 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

awerlang commented Mar 5, 2021

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman cp creates files in the container as the root user. When the container is created with the options --userns and --user, files kept the uid from the host system prior to v3.

Steps to reproduce the issue:

  1. (shell 1) podman run --rm -u $(id -u) --userns=keep-id -it registry.opensuse.org/opensuse/leap

  2. (shell 2) podman cp $XAUTHORITY CONTAINERID:/tmp/.Xauthority

  3. (shell 1) cat /tmp/.Xauthority

Describe the results you received:

cat: /tmp/.Xauthority: Permission denied

Describe the results you expected:

File is accessible.

Additional information you deem important (e.g. issue happens only occasionally):

Rootless.
Used to work until v2.2.1.
Tried podman unshare podman mount but mount point was empty?!

Output of podman version:

Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.13.15
Built:        Tue Feb 23 21:00:00 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.19.4
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.26-1.1.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: unknown'
  cpus: 8
  distribution:
    distribution: '"opensuse-tumbleweed"'
    version: "20210302"
  eventLogger: journald
  hostname: localhost
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 100
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.10.16-1-default
  linkmode: dynamic
  memFree: 264986624
  memTotal: 16669970432
  ociRuntime:
    name: runc
    package: runc-1.0.0~rc93-1.2.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc93
      commit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
      spec: 1.0.2-dev
      go: go1.13.15
      libseccomp: 2.5.0
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.2.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: unknown
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 10727510016
  swapTotal: 10737414144
  uptime: 14h 13m 10.97s (Approximately 0.58 days)
registries:
  search:
  - registry.opensuse.org
  - docker.io
store:
  configFile: /home/andre/.config/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 0
    stopped: 3
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.4.0-1.1.x86_64
      Version: |-
        fusermount3 version: 3.10.2
        fuse-overlayfs: version 1.4
        FUSE library version 3.10.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/andre/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 62
  runRoot: /run/user/1000/containers
  volumePath: /home/andre/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1614124800
  BuiltTime: Tue Feb 23 21:00:00 2021
  GitCommit: ""
  GoVersion: go1.13.15
  OsArch: linux/amd64
  Version: 3.0.1

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.0.1-1.1.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 5, 2021
Member

mheon commented Mar 5, 2021

@vrothberg PTAL

vrothberg added a commit to vrothberg/libpod that referenced this issue Mar 10, 2021
Make sure the files are chowned to the host/container user, depending on
where things are being copied to.

Fixes: containers#9626
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
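
Added example (not part of the issue thread and not Podman's code): a small Go model of the two-level uid mapping behind the report, showing why a file that `podman cp` leaves owned by container root is unreadable to the `--userns=keep-id` user. The outer map is the `uidmap` from the `podman info` output above; the inner keep-id layout for host uid 1000 and the owner-only file mode (such as 0600) are assumptions made for this illustration.

```go
package main

import "fmt"

// IDMap is one uid_map line: Size IDs starting at Inner (inside the
// namespace) map to IDs starting at Outer (in the parent namespace).
type IDMap struct{ Inner, Outer, Size int }

// From the issue's `podman info`: rootless user namespace -> host.
var rootlessToHost = []IDMap{{0, 1000, 1}, {1, 100000, 65536}}

// Assumed (constructed) keep-id layout for host uid 1000:
// container -> rootless user namespace.
var keepIDToRootless = []IDMap{{0, 1, 1000}, {1000, 0, 1}, {1001, 1001, 64536}}

// toOuter translates an ID one level outwards; ok is false if unmapped.
func toOuter(maps []IDMap, id int) (int, bool) {
	for _, m := range maps {
		if id >= m.Inner && id < m.Inner+m.Size {
			return m.Outer + (id - m.Inner), true
		}
	}
	return 0, false
}

// ContainerToHost composes both levels: container -> rootless ns -> host.
func ContainerToHost(id int) (int, bool) {
	mid, ok := toOuter(keepIDToRootless, id)
	if !ok {
		return 0, false
	}
	return toOuter(rootlessToHost, mid)
}

// OwnerOnlyReadable models the owner check on a file whose group/other
// bits are clear, for a process holding no capabilities.
func OwnerOnlyReadable(fileUID, procUID int) bool { return fileUID == procUID }

func main() {
	for _, id := range []int{0, 1000, 1001} {
		h, ok := ContainerToHost(id)
		fmt.Printf("container uid %d -> host uid %d (mapped=%v)\n", id, h, ok)
	}
	// File copied in as container uid 0, shell running as container uid 1000.
	fmt.Println("readable by uid 1000:", OwnerOnlyReadable(0, 1000))
}
```

Under this model the copied file belongs to a subordinate host uid rather than the invoking user, which is why chowning to the container user, as the referenced commit describes, restores access.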