chown: use ToHostOverflow when chowning
When chowning an image, fall back to the overflow ID when a UID or GID
cannot be mapped to the target user namespace.

This ensures the chown driver works similarly to what we do with
idmapped mounts when it is supported for overlay.

It is needed for CRI-O to support user namespaces in Kubernetes since
the Kubelet picks a static size for the user namespace and it might
break some images using IDs outside the picked range.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe committed Apr 27, 2022
1 parent a3fec19 commit 3c4d211
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/chown_unix.go
Expand Up @@ -76,7 +76,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
UID: uid,
GID: gid,
}
mappedPair, err := toHost.ToHost(pair)
mappedPair, err := toHost.ToHostOverflow(pair)
if err != nil {
return fmt.Errorf("error mapping container ID pair %#v for %q to host: %v", pair, path, err)
}
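Review bot: at the `toHost.ToHostOverflow(pair)` call the fallback is silent. A UID or GID that used to reach the `if err != nil` branch and fail the chown is now rewritten to the overflow ID with no trace, so files that belong to different unmapped IDs in the image end up with the same owner after the chown. Please add a comment at the call site saying this is intentional and mirrors the idmapped-mount behaviour the commit message refers to, consider a debug-level log when the fallback is taken, and add a test that chowns a file whose ID lies outside the mapped range. It would also help to document which failures can still reach the error return, since "error mapping container ID pair ..." no longer covers the unmapped case.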