The commit 0db559517ac6 (mountpoint_insert_staged: inherit attributes if
directory already exists) introduced automatic propagation of uid, gid,
and mode from the target directory to the mounted filesystem. While this
improves compatibility with some OCI images, it also caused undesired
ownership changes on some mount points.

Since attribute preservation is not always desired, make this behavior
configurable via a new "keepattrs" mountpoint flag. Default to disabled
to preserve historical behavior.

Signed-off-by: Filip Schauer <[email protected]>
---
 src/PVE/LXC.pm            | 4 +---
 src/PVE/LXC/Config.pm     | 6 ++++++
 src/lxc-pve-prestart-hook | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 41ea991..2c02e9a 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -2478,10 +2478,8 @@ sub mountpoint_hotplug : prototype($$$$$) {
         chdir('/')
             or die "failed to change root directory within the container's 
mount namespace: $!\n";
 
-        my $keep_attrs = $mp->{type} eq 'volume';
-
         mountpoint_insert_staged(
-            $mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, 
$keep_attrs,
+            $mount_fd, undef, $mp->{mp}, $opt, $root_uid, $root_gid, 
$mp->{keepattrs},
         );
     });
 }
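Review bot: Passing `$mp->{keepattrs}` straight through drops the `$mp->{type} eq 'volume'` restriction the old code had, so a bind or device mount point with `keepattrs=1` would now also take uid, gid and mode from a directory inside the container, which the container can presumably set itself. mountpoint_insert_staged is not visible here, but if it applies those attributes to the root of the mounted filesystem, then for a bind mount that root is a host directory. Either keep the guard, `$mp->{keepattrs} && $mp->{type} eq 'volume'`, or reject the flag for non-volume types when the config is parsed. The same applies to `$keep_attrs = $mountpoint->{keepattrs};` in the lxc-pve-prestart-hook hunk. The body of mountpoint_hotplug starts outside this hunk.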
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 6f54e9f..0090d61 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -987,6 +987,12 @@ my $mp_desc = {
         verbose_description => "Path to the mount point as seen from inside 
the container.\n\n"
             . "NOTE: Must not contain any symlinks for security reasons.",
     },
+    keepattrs => {
+        type => 'boolean',
+        description => 'Inherit attributes from the target path, if it exists 
already.',
+        optional => 1,
+        default => 0,
+    },
 };
 PVE::JSONSchema::register_format('pve-ct-mountpoint', $mp_desc);
 
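Review bot: The `description` of the new `keepattrs` entry does not say which attributes are inherited or what they are applied to. The commit message names uid, gid and mode, and the schema text should too, for example `description => 'Apply uid, gid and mode of an already existing target directory to the mounted filesystem.'`. A `verbose_description` would tell an administrator what they opt into: the target directory is the path as seen from inside the container, so its attributes are presumably under the container's control. `$mp_desc` begins outside the hunk, so it cannot be seen from here whether rootfs entries share this schema.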
diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index f900c12..9862509 100755
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -100,7 +100,7 @@ PVE::LXC::Tools::lxc_hook(
                 # Mount relative to the rootdir fd.
                 $dest_base_fd = $rootdir_fd;
                 $dest_dir = './' . $mountpoint->{mp};
-                $keep_attrs = $mountpoint->{type} eq 'volume';
+                $keep_attrs = $mountpoint->{keepattrs};
             } else {
                 # Assert that 'rootfs' is the first one:
                 die "foreach_mount() error\n" if $opt ne 'rootfs';
-- 
2.47.3



