-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ADD of an absolute path fails with "no such file or directory" instead of "path outside context" #4592
Comments
I've updated the title here to reflect the issue that needs to be fixed here. :) See #2745 for more discussion of why adding files outside the build context isn't and probably won't be supported. |
its mildly more complicated.
|
This please! It wasn't obvious to me and I spend half a day fighting it. |
@ipbabble I'm trying to build an image on ubuntu:latest and given below is the error :
Please do fix it. |
The issue still persists for me... |
@wilnauem the issue was closed because the documentation was updated to explain that an absolute path refers to an absolute path within the build context, not an absolute path on the host; https://github.com/docker/docker/pull/5762/files Given this directory (e.g.
FROM scratch
COPY /hello/world.txt /foo/bar.txt
COPY /users/home/foo/project /project This dockerfile will;
|
Thank you very much... now I get it |
To be clear, are |
I.e. if absolute paths are relative to the context, and relative paths are (presumably) also relative to the context |
@thaJeztah |
Changing that format/handling would be a huge breaking change, breaking tons of existing Dockerfiles, so not an option. |
My dockerfile contains:
Executes it with My output is:
I'm running on windows, why does it replaces it to a absolute path, that doesn't exists on windows? Anyone has an idea what is going wrong? |
I wasted time discovering that absolute paths are not supported. Docker should generate a warning when an absolute path is found, and eventually a few release later, an error. Its much better than getting an unhelpful |
The best explanation so far, thanks buddy. |
That's fine, but also kind of missing the crux of the issue. People have use-cases that would be made easier if they had some way of reaching outside of the build context when adding content to their image, such as by using an absolute path. Fair enough that |
|
Right now trying to ADD a fully qualified file name (FQFN), e.g. /home/mydir/testfile will fail with the error "no such file or directory".
The failure is on purpose for security reasons. From @tianon: Imagine that I have a Dockerfile that does "ADD /etc/shadow /my/path \n RUN some-command-to-upload-your-etc-shadow-to-my-server".
However at the least the message is wrong and should be something like "forbidden path outside the context". Consider that the client might be remote from the docker daemon.
However if you have common files (tar, configuration, html etc.) that you may wish to include in multiple images, then you need to duplicate these files into each build directory. One could image having a shared file system with lots of common files that are required for different classes of images or for all images (maybe some legal/copywrite document).
How can we maintain the security while at the same time solve the problem of having common files ADDed from one place.
Perhaps we could check to see if the (FQFN) is on a mounted device and allow that? Or some other magic.
The text was updated successfully, but these errors were encountered: