docker.io 20.10.25-0ubuntu1~22.04.1 loses file permissions on docker-build
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
docker.io (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
docker-build loses file permissions configured on the previous layer. Consider this trivial dockerfile example:
$ cat Dockerfile
FROM ubuntu:22.04
RUN groupadd -r user && useradd -lrm -s /bin/bash -g user user && ls -al /home/
RUN ls -al /home/
Mind that ls command on the first layer correctly reports that user home directory is owned by 'user'. Next layer however reports it's owned by 'root':
$ docker --version
Docker version 20.10.25, build 20.10.25-
$ docker build -f Dockerfile -t bug --no-cache .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM ubuntu:22.04
---> 5a81c4b8502e
Step 2/3 : RUN groupadd -r user && useradd -lrm -s /bin/bash -g user user && ls -al /home/
---> Running in 25321c5d3936
total 12
drwxr-xr-x 1 root root 4096 Jul 20 21:13 .
drwxr-xr-x 1 root root 4096 Jul 20 21:13 ..
drwxr-x--- 2 user user 4096 Jul 20 21:13 user
Removing intermediate container 25321c5d3936
---> 517d81d51c42
Step 3/3 : RUN ls -al /home/
---> Running in 9612f47d6fe6
total 12
drwxr-xr-x 1 root root 4096 Jul 20 21:13 .
drwxr-xr-x 1 root root 4096 Jul 20 21:13 ..
drwxr-x--- 2 root root 4096 Jul 20 21:13 user
Removing intermediate container 9612f47d6fe6
---> a782363e2ab0
Successfully built a782363e2ab0
Successfully tagged bug:latest
This isues was found on 22.04.2 Ubuntu server with enabled jammy-proposed repository. Issue seems to be a regression on the docker.io proposed update to 20.10.25-
Some more details on the system I was using:
$ uname -a
Linux docker-bug 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
$ apt-cache policy docker.io
docker.io:
Installed: 20.10.25-
Candidate: 20.10.25-
Version table:
*** 20.10.25-
500 http://
100 /var/lib/
20.
500 http://
500 http://
20.
500 http://
affects: | xubuntu-meta (Ubuntu) → docker.io (Ubuntu) |
Other observations from my side: 0ubuntu1~ 22.04.3 ("good") then you have correct permissions if you later use this image on docker run with 20.10.25- 0ubuntu1~ 22.04.1 ("bad"). 0ubuntu1~ 22.04.1 ("bad") then you have wrong permissions if you later use this image on docker run with 20.10.21- 0ubuntu1~ 22.04.3 ("good").
1. If you build docker image with 20.10.21-
2. If you build docker image with 20.10.25-
Also, so far I did not see any indication of error reported during docker-build or elsewhere on a system. Docker build seems to go just fine though later permissions are wrong. It might be I just don't know where to look for appropriate log... let me know of what needs to be checked.