[pve-devel] [PATCH pve-container] unprivileged: remove bad chown -R call

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Nov 13 12:18:10 CET 2015


This was added before we had bind mounts, instead we now
pass the `root_owner` option to mkfs.
---
 src/PVE/LXC.pm        | 18 +++++++++++-------
 src/PVE/LXC/Create.pm |  3 ---
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 7f375b9..ff13ad9 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -2213,13 +2213,15 @@ sub get_vm_volumes {
 }
 
 sub mkfs {
-    my ($dev) = @_;
+    my ($dev, $rootuid, $rootgid) = @_;
 
-    PVE::Tools::run_command(['mkfs.ext4', '-O', 'mmp', $dev]);
+    PVE::Tools::run_command(['mkfs.ext4', '-O', 'mmp',
+			     '-E', "root_owner=$rootuid:$rootgid",
+			     $dev]);
 }
 
 sub format_disk {
-    my ($storage_cfg, $volid) = @_;
+    my ($storage_cfg, $volid, $rootuid, $rootgid) = @_;
 
     if ($volid =~ m!^/dev/.+!) {
 	mkfs($volid);
@@ -2240,7 +2242,7 @@ sub format_disk {
     die "cannot format volume '$volid' (format == $format)\n"
 	if $format ne 'raw';
 
-    mkfs($path);
+    mkfs($path, $rootuid, $rootgid);
 }
 
 sub destroy_disks {
@@ -2257,6 +2259,8 @@ sub create_disks {
 
     my $vollist = [];
 
+    my (undef, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
+
     eval {
 	foreach_mountpoint($settings, sub {
 	    my ($ms, $mountpoint) = @_;
@@ -2280,7 +2284,7 @@ sub create_disks {
 		    if ($size_kb > 0) {
 			$volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw',
 							   undef, $size_kb);
-			format_disk($storecfg, $volid);
+			format_disk($storecfg, $volid, $rootuid, $rootgid);
 		    } else {
 			$volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'subvol',
 							   undef, 0);
@@ -2292,13 +2296,13 @@ sub create_disks {
 		} elsif ($scfg->{type} eq 'drbd' || $scfg->{type} eq 'lvm') {
 
 		    $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size_kb);
-		    format_disk($storecfg, $volid);
+		    format_disk($storecfg, $volid, $rootuid, $rootgid);
 
 		} elsif ($scfg->{type} eq 'rbd') {
 
 		    die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd};
 		    $volid = PVE::Storage::vdisk_alloc($storecfg, $storage, $vmid, 'raw', undef, $size_kb);
-		    format_disk($storecfg, $volid);
+		    format_disk($storecfg, $volid, $rootuid, $rootgid);
 		} else {
 		    die "unable to create containers on storage type '$scfg->{type}'\n";
 		}
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index 853a840..48d8843 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -28,9 +28,6 @@ sub restore_archive {
 #    we always use the same mapping: 'b:0:100000:65536'
     my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
     my $userns_cmd = PVE::LXC::userns_command($id_map);
-    if (@$id_map) {
-	PVE::Tools::run_command(['chown', '-R', "$rootuid:$rootgid", $rootdir]);
-    }
 
     my $cmd = [@$userns_cmd, 'tar', 'xpf', $archive, '--totals',
                @$PVE::LXC::COMMON_TAR_FLAGS,
-- 
2.1.4




More information about the pve-devel mailing list