New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker 0.8.0: Seeing container directory permission differences from same image on Ubuntu vs. Arch #4068
Comments
Having Docker use the devicemapper backend on the Ubuntu system yields correct directory permissions. |
From what i noticed so far: When using aufs there are some circumstances where permissions can not be changed after initial creation in following layers. Normally this is not a problem, but can be, when multiple layers are stacked where permissions differ between layers. A workaround is to export and import an image after significant changes / initial creation. |
A minimal test case:
Push this somewhere and then pull on an aufs host, then:
This will show:
Note that it doesn't matter if the original image was built on aufs or devicemapper. |
I've encountered this as well in cases where an image was built on docker+devicemapper and then run on docker+aufs. Export/import on a devicemapper machine fixes this, as mentioned above. So does building the same image on docker+aufs to start with. |
I'm stuck on this issue as well. As far as I understand it as long as kernel extras are installed on ALL my machines I am ok. But if I forgot to do
on some of them and build and push a image, the other machines have problems when running the container. For me it's the |
I still get the wrong I also ran
Result points to a4868e2:
|
Confirmed the commit is the culprit, revert fixes the behaviour: https://github.com/infoxchange/docker/tree/undo-tar-changes-4068 |
Investigation: The permissions are broken whenever a layer contains a change inside the existing directory, e.g. To fix the problem properly, the permissions for new |
Any chance of some action here? I'm surprised more people haven't encountered this bug as it is readily reproducible on default settings! We're seeing the exact same issue but @koterpillar 's fix above does work. Ideally the bug should be sorted properly (permissions from the previous layer rather than fudging the perms) but having docker it in its current state with permissions being set to unreadable is pretty unacceptable, and will likely cause people trying docker to encounter significant problems and perhaps lose faith in the whole docker concept. |
I have this problem in version 0.91:
So i think the problem still exists. |
It's fixed in master, but haven't made its way into a release yet. |
This issue seems to still persist in latest Docker version, had to dist-upgrade Precise 64 and add the linux-headers. When I built the Docker images on this system, |
…for docker with intermediate containers moby/moby#4068
I think I got caught in the same issue, I've tried with docker 1.6 and 1.8 and in both, the containers show odd permissions on /. So changing to 755 could be a workaround: [root@afd0c24bb2f2 /]# ls -lsa / Test case, inside a container with this issue: |
Arch system is running Docker 0.8.0 using the devicemapper storage backend:
Ubuntu system is running Docker 0.8.0 using the AUFS storage backend:
On both systems, I am running the opencrowbar/centos:6.5-2 image
(created on the Arch system from the centos:6.4 image) using the
following command:
On the Arch system, things operate normally and the directory
permissions are as expected:
On the Ubuntu system, however, the directory permissions of several
key directories are screwed up leading to breakage when we try to run
our canned dev/test environment:
Note the directory permissions on /usr, /var, and /home -- they are
755 on the container running on the Arch host, and 110 on the
container running on the Ubuntu host. As part of our workflow
involves running commands as a non-root user these broken permissions
cause all sorts of entertaining failures on the container running on
the Ubuntu host.
The text was updated successfully, but these errors were encountered: