On 6/28/22 22:26, Jacob Kroon wrote:
On 6/28/22 22:06, Daniel Walsh wrote:
> On 6/28/22 15:27, Jacob Kroon wrote:
>> On 6/28/22 18:48, Jacob Kroon wrote:
>>> Hi Daniel,
>>>
>>> On 6/28/22 16:23, Daniel Walsh wrote:
>>>> On 6/28/22 03:15, Jacob Kroon wrote:
>>>>> Hi,
>>>>>
>>>>> I'm using Podman in my build environment. As part of the build I
>>>>> bind a directory from the host to a directory in the container.
>>>>> Even though the guest doesn't touch the file in any way,
>>>>> afterwards I can see that the file's "Change" timestamp has been
>>>>> updated, so I am assuming it is podman that does this.
>>>>>
>>>>> According to
>>>>>
>>>>> https://unix.stackexchange.com/questions/2464/timestamp-modification-time...
>>>>>
>>>>> the "Change" timestamp is described as "the last time meta data of
>>>>> the file was changed (e.g. permissions)".
>>>>>
>>>>> I am wondering what meta data it is that podman changes, and if it
>>>>> can be avoided somehow? (Mainly because it tricks git/gitk into
>>>>> thinking something might have changed).
>>>>>
>>>
>>> [cut]
>>>
>>>>
>>>> Could you mount the volume :ro inside of the container and see if
>>>> the same thing happens?
>>>>
>>>
>>> Yup, same thing happens even if I mount it with :ro.
>>>
>>>> If it still happens, then we know it is Podman making the change as
>>>> opposed to the processes inside of the container.
>>>>
>>>> You could also bind mount the volume readonly on itself, before
>>>> using podman to see if podman throws an error.
>>>
>>> I haven't tried this, let me know if this would be of help and I
>>> will give it a shot.
>>>
>>
>> I ran it through strace and grepped for a dummy file "foobar" that I
>> created and got this:
>>
>>> [pid 2886] lsetxattr("/home/jkroon/Projects/foobar-linux/foobar",
>>> "security.selinux", "system_u:object_r:container_file"..., 37, 0
>>> <unfinished ...>
>>
>> I'll try to see if I can figure out how to get gdb to break on
>> lsetxattr() with that argument.
>>
>> My host is an up2date Fedora 36.
>>
>> Also, I'm using --userns=keep-id in case that matters.
>>
>> Regards
>> Jacob
>> _______________________________________________
>> Podman mailing list -- podman(a)lists.podman.io
>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
> That is SELinux. Are you mounting with a :Z?
Ah yes, I am. To be honest, I haven't fully understood how that flag
interacts with the mount point. At some point in time I needed to add it.
I have two directories I mount to the guest, one under $HOME (which is
the one that is causing me headaches with changed timestamps) and one
under /tmp. Unless I use :z on the one in /tmp, I get permission errors
when creating files there in the guest. So, I figured I needed :z for
the one in $HOME as well. But I see that I can touch files there, even
without :z.
Does using :z require that "change" timestamps are updated?
The manpage for "podman run" states:

    The z option tells Podman that two containers share the volume
    content. As a result, Podman labels the content with a shared
    content label. Shared volume labels allow all containers to
    read/write content. The Z option tells Podman to label the content
    with a private unshared label.
I'm no SELinux expert, but would it be possible to *not* relabel the
files if they already have the correct content label, thus avoiding the
"Change" timestamp update?
Regards
Jacob