dockerbuild: stop container before committing it #8780
@smarterclayton ptal
@@ -19,6 +19,9 @@ import ( | |||
"github.com/golang/glog" | |||
) | |||
|
|||
// stopTimeoutSeconds is the timeout for stopping the running container | |||
const stopTimeoutSeconds = 2 |
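Review bot: the comment on `stopTimeoutSeconds` says what the constant is but not why the grace period is 2 seconds, and nothing in this hunk says what happens to the build when the stop does not complete within that window. Document the reason for a non-zero value and the failure behaviour next to the constant, or set it to 0 if the container's process has nothing to flush before the commit.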
Should have zero timeout - not sure why we would need it to be graceful.
Before this merges, be sure to fix the conformance_test to remove the "Red Hat secrets injection" workaround and verify it still runs.
8e150bc to fa943f4
fixed code and updated conformance test. However, the conformance test is failing for me, but I don't think it's due to this change:
taking a closer look
I reverted to master and I still get the failure above so yes it doesn't look like it's related to this.
Internal conformance and external conformance have a mismatch right now. Can you comment out that test and run the other ones?
Commented out the test. Other tests pass.
Lgtm [merge]
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/5844/) (Image: devenv-rhel7_4133)
Evaluated for origin merge up to 10980dc
[Test]ing while waiting on the merge queue
Evaluated for origin test up to 10980dc
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/3660/)
The problem:
Images built with the new dockerbuild command get the wrong permissions (0700 instead of 0755) in the /run/secrets (or /var/run/secrets) directory when running on non-RedHat docker hosts. This breaks loading secrets in containers created from those images.
The fix:
I found that this happens only when the container is committed while still running. If the container is stopped before committing, the permissions for that directory come out right.
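A regression check for the symptom described above, as an added example that is not part of this pull request or of the project's code: it inspects an image root filesystem that has been unpacked to a directory and reports any secrets directory whose mode is not 0755. `CheckSecretsDirs` and the unpacked-rootfs layout are assumptions made for the example; the paths and modes are the ones in the description.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Mount points and modes named in the PR description: 0755 is correct, 0700 is the bug.
var secretsDirs = []string{"run/secrets", "var/run/secrets"}
const wantPerm os.FileMode = 0755

// CheckSecretsDirs (hypothetical helper) inspects an unpacked image root
// filesystem and reports each secrets directory whose mode is not wantPerm.
func CheckSecretsDirs(rootfs string) ([]string, error) {
	var findings []string
dirs:
	for _, rel := range secretsDirs {
		p := rootfs
		var fi os.FileInfo
		for _, part := range strings.Split(rel, "/") {
			p = filepath.Join(p, part)
			var err error
			if fi, err = os.Lstat(p); os.IsNotExist(err) {
				continue dirs // directory absent from this image
			} else if err != nil {
				return nil, err
			}
			// Never follow symlinks (var/run is often a link to /run): the
			// target is either checked under its own name or leaves rootfs.
			if fi.Mode()&os.ModeSymlink != 0 {
				continue dirs
			}
		}
		if got := fi.Mode().Perm(); fi.IsDir() && got != wantPerm {
			findings = append(findings, fmt.Sprintf("%s: mode %04o, want %04o", rel, got, wantPerm))
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample: a temp dir standing in for an unpacked image.
	root, _ := os.MkdirTemp("", "rootfs")
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "run/secrets"), 0755)
	os.Chmod(filepath.Join(root, "run/secrets"), 0700) // the broken mode
	fmt.Println(CheckSecretsDirs(root))
}
```

Run against images built on both kinds of docker host, a non-empty result marks a build that was committed with the wrong directory mode.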