Description
When setting up a docker-compose.yml with a service configured with restart: always and a bind mount inside the encrypted home directory of a user, the container fails to list the files after that user has logged in and the encrypted files have become accessible on the system.
Steps to reproduce the issue:
- Set up a user with an encrypted home and docker access on a Linux machine (Ubuntu 21.10 for example).
- Set up a service with restart: always and run up -d with a volume mounted inside that user's home directory.
- Add some files on the mounted volume.
- Check that the files are accessible inside the running container.
- Restart the machine
- Log in as that user and run: docker exec -it service_name bash
- Check that the files are no longer accessible in the running container.
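A pre-start check for the situation described in these steps, written as an added example (it is not code from this issue or from Compose): it parses /proc/self/mountinfo to find which filesystem backs the bind-mount source, so a wrapper around docker compose up -d, run in the host mount namespace, can tell whether the container would be started against the unencrypted placeholder directory instead of the ecryptfs mount. The user alice, the paths and the mountinfo lines are constructed assumptions.

```python
"""Determine which filesystem backs a bind-mount source from /proc/self/mountinfo.

Added example for this issue, not part of the original report. Assumes an
ecryptfs-encrypted home at /home/alice and a compose bind mount of
/home/alice/data; the mountinfo excerpts below are constructed, not captured.
"""
import os

# Constructed mountinfo excerpts. Field 5 is the mount point; the first field
# after the " - " separator is the filesystem type.
MOUNTINFO_BEFORE_LOGIN = """\
22 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw
37 22 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
"""

# After pam_ecryptfs has mounted the user's home, a new mount covers /home/alice.
MOUNTINFO_AFTER_LOGIN = MOUNTINFO_BEFORE_LOGIN + (
    "58 37 0:45 / /home/alice rw,nosuid,nodev,relatime - ecryptfs "
    "/home/.ecryptfs/alice/.Private rw\n"
)


def parse_mountinfo(text):
    """Return (mount_point, fstype) pairs from mountinfo-formatted text."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        head, _, tail = line.partition(" - ")
        fields = head.split()
        # mountinfo escapes spaces in paths as \040; decode before comparing.
        mount_point = fields[4].replace("\\040", " ")
        mounts.append((mount_point, tail.split()[0]))
    return mounts


def backing_fstype(path, mountinfo_text):
    """Filesystem type of the mount that backs `path` (longest prefix wins)."""
    path = os.path.normpath(path)
    best = None
    for mount_point, fstype in parse_mountinfo(mountinfo_text):
        mp = os.path.normpath(mount_point)
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype)
    return best[1] if best else None


def safe_to_start(path, mountinfo_text, expected="ecryptfs"):
    """True only once the bind-mount source sits on the encrypted filesystem."""
    return backing_fstype(path, mountinfo_text) == expected
```

Before login the source resolves to the plain ext4 /home mount, which is the directory the container keeps seeing; after login the same path resolves to ecryptfs.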
Describe the results you received:
When the container runs at boot, the mounted volume files are not accessible even after they become accessible from the host machine.
Describe the results you expected:
I expected the files to not be accessible while they are encrypted but to become accessible after the user logged in to their machine and the files became accessible on the filesystem.
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker compose version:
docker-compose version 1.26.0, build d4451659
Output of docker info:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.0-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 5
Running: 5
Paused: 0
Stopped: 0
Images: 41
Server Version: 20.10.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.13.0-35-generic
Operating System: Ubuntu 21.10
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.24GiB
Name: marcos-wg
ID: BEYH:NRGA:7QED:XDNT:HENC:VCVE:POQQ:T7HA:N3WS:OTS3:X4RU:BTL6
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional environment details:
Ubuntu 21.04, probably happening on any encrypted home setup