-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerfile ADD not preserving "s" file attribute. #36239
Comments
It works if I add a tar.gz, and let Docker extract the tarbal.
This is the output.
|
@tonistiigi @vdemeester @dnephin Was this intentional? |
I'm not aware of any reason this would be intentional. |
Original question which helped me figure out what the issue was: https://unix.stackexchange.com/questions/422411/pam-authentication-failure-with-valid-password |
What is the status of this? Any estimate for fix? |
cc @tonistiigi PTAL? |
I would like to try to fix this one. |
Thanks, PR is appreciated |
Okay, i think i got it. It looks like file with permissions is created before issuing chown syscall on it. And in linux if you make chown that discards suid bit permissions. |
@AkihiroSuda i've created PR for this bug, but i am not sure about implementation. I would be glad to read your comments on this one |
Looks like this issue only affects the classic builder, and is fixed with BuildKit enabled; mkdir repro-36239 && cd repro-36239
touch 1.bin
chmod 700 1.bin
chmod u+xs 1.bin
ls -la 1.bin
# -rws------ 1 root root 0 Jan 28 10:16 1.bin
echo -e 'FROM busybox:latest\nADD 1.bin /1.bin' > Dockerfile
DOCKER_BUILDKIT=0 docker build -t test .
docker run --rm test ls -la /1.bin
# -rwx------ 1 root root 0 Jan 28 10:16 /1.bin
DOCKER_BUILDKIT=1 docker build -t test .
docker run --rm test ls -la /1.bin
# -rws------ 1 root root 0 Jan 28 10:16 /1.bin |
Just to check; docker run -di --name test busybox
docker cp ./1.bin test:/
docker exec test ls -la /1.bin
# -rws------ 1 root root 0 Jan 28 10:16 /1.bin
docker commit test testimage
docker run --rm testimage ls -la /1.bin
# -rws------ 1 root root 0 Jan 28 10:16 /1.bin |
Then I add the folder with the docker file.
ADD root.x86_64 /
When the image is built, the permissions are different. Running from within the container:
The text was updated successfully, but these errors were encountered: