From: Filip Schauer <f.schauer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH container v2 1/2] make mount point attribute preservation configurable
Date: Wed, 11 Feb 2026 15:41:09 +0100
Message-ID: <20260211144111.123837-2-f.schauer@proxmox.com>
In-Reply-To: <20260211144111.123837-1-f.schauer@proxmox.com>

The commit 0db559517ac6 (mountpoint_insert_staged: inherit attributes if
directory already exists) introduced automatic propagation of uid, gid,
and mode from the target directory to the mounted filesystem. While this
improves compatibility with some OCI images, it also caused undesired
ownership changes on some mount points.

Since attribute preservation is not always desired, make this behavior
configurable via a new "keepattrs" mountpoint flag. Default to disabled
to preserve historical behavior.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
Changed since v1:
* Replace "target path" with "mount point directory"
* Replace "attributes" with more specific description
* Add verbose_description
src/PVE/LXC.pm | 4 +---
src/PVE/LXC/Config.pm | 9 +++++++++
src/lxc-pve-prestart-hook | 2 +-
3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 41ea991..2c02e9a 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -2478,10 +2478,8 @@ sub mountpoint_hotplug : prototype($$$$$) {
chdir('/')
or die "failed to change root directory within the container's mount namespace: $!\n";
- my $keep_attrs = $mp->{type} eq 'volume';
-
mountpoint_insert_staged(
- $mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, $keep_attrs,
+ $mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, $mp->{keepattrs},
);
});
}
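Review bot: the call to mountpoint_insert_staged() now passes `$mp->{keepattrs}` for every mount point type, while the removed `my $keep_attrs = $mp->{type} eq 'volume';` limited attribute inheritance to volumes. With a bind mount, the uid, gid and mode of a directory inside the container (which the image or a container user controls) would then be applied to a host path, if the helper propagates them as the commit message describes. Consider keeping the type check alongside the flag, for example `$mp->{keepattrs} && $mp->{type} eq 'volume'`, or rejecting keepattrs for non-volume mount points when the config is parsed.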
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 6f54e9f..5442586 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -987,6 +987,15 @@ my $mp_desc = {
verbose_description => "Path to the mount point as seen from inside the container.\n\n"
. "NOTE: Must not contain any symlinks for security reasons.",
},
+ keepattrs => {
+ type => 'boolean',
+ description => "Inherit ownership and permissions from the mount point directory.",
+ verbose_description =>
+ "Inherit UID, GID and access mode from the mount point directory, "
+ . "if it exists already.",
+ optional => 1,
+ default => 0,
+ },
};
PVE::JSONSchema::register_format('pve-ct-mountpoint', $mp_desc);
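Review bot: the keepattrs description does not say in which direction the attributes flow or which mount point types accept the flag. "Inherit ... from the mount point directory" can be read either way; state that the UID, GID and access mode of the existing directory in the container are applied to the mounted filesystem, and say what happens when the directory does not exist. Since that directory's attributes come from the container's root filesystem, a short NOTE like the symlink one on the path option above would help admins decide when enabling the flag is appropriate.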
diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index f900c12..9862509 100755
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -100,7 +100,7 @@ PVE::LXC::Tools::lxc_hook(
# Mount relative to the rootdir fd.
$dest_base_fd = $rootdir_fd;
$dest_dir = './' . $mountpoint->{mp};
- $keep_attrs = $mountpoint->{type} eq 'volume';
+ $keep_attrs = $mountpoint->{keepattrs};
} else {
# Assert that 'rootfs' is the first one:
die "foreach_mount() error\n" if $opt ne 'rootfs';
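Review bot: `$keep_attrs = $mountpoint->{keepattrs};` changes start-up behaviour for existing containers: the removed line set `$keep_attrs` to true for every volume, so volume mount points without the new key stop inheriting attributes on their next start. The commit message calls disabled the historical default, which refers to the behaviour before 0db559517ac6; mention the change in the release notes or the mount point documentation so admins who rely on the inherited ownership know to set keepattrs=1. The value can also be undef now instead of a defined boolean; `$mountpoint->{keepattrs} ? 1 : 0` keeps the previous type if anything downstream checks definedness.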
--
2.47.3
Thread overview: 4+ messages
2026-02-11 14:41 [PATCH container/manager v2 0/2] " Filip Schauer
2026-02-11 14:41 ` Filip Schauer [this message]
2026-02-11 14:41 ` [PATCH manager v2 2/2] ui: lxc/MPEdit: add "keepattrs" flag Filip Schauer
2026-02-12 14:31 ` applied-series: [PATCH container/manager v2 0/2] make mount point attribute preservation configurable Fabian Grünbichler