Recursively set project ID for quota driver

We have previously relied on the PROJINHERIT flag for XFS quotas,
which causes the ID of the parent directory to be recursively
applied to subdirectories under the volume's parent directory.
However, PROJINHERIT only applies to directories created after
the project ID was first set. Pre-existing directories do not
get the project ID if we only set it on the parent. This means
that quota enforcement is not complete unless we recurse to
subdirectories and apply the project ID to those as well.

Fixes containers/podman#25368

Signed-off-by: Matt Heon <[email protected]>

Author: mheon

drivers/quota/projectquota_supported.go

@@ -370,6 +370,20 @@ func setProjectID(targetPath string, projectID uint32) error {
 		return fmt.Errorf("failed to set projid for %s: %w", targetPath, errno)
 	}
 
+	// While we are setting the PROJINHERIT flag, it only applies to files
+	// and directories created after the fact.
+	// Any pre-existing subdirectories will still need to have the project
+	// ID set manually, so recurse onto them.
+	if dents, err := os.Readdir(targetPath); err == nil {
+		for _, dent := range dents {
+			if dent.IsDir() {
+				if err := setProjectID(filepath.Join(targetPath, dent.Name()), projectID); err != nil {
+					return fmt.Errorf("recursively setting project ID on subdirectories of %s: %w", targetPath, err)
+				}
+			}
+		}
+	}
+
 	return nil
 }