Description
Steps to reproduce the issue:
- On a Windows machine create the following Dockerfile:
`FROM internetsystemsconsortium/bind9:9.16
RUN chmod g+rwx /etc/bind2. Run: docker image build -t mybind:latest .
docker run mybind:latest ls -la /etc/bind`
3. Take note of the group permissions for directory: .
- On a seperate Ubuntu machine create the same Dockerfile as before:
`FROM internetsystemsconsortium/bind9:9.16
RUN chmod g+rwx /etc/bind5. Run: docker image build -t mybind:latest .
docker run mybind:latest ls -la /etc/bind`
6. Notice the group permissions on . directory were not applied as the chmod command instructed.
Describe the results you received:
My results for the Windows machine:
`docker image build -t mybind:latest .
Builds fine
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 31B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/internetsystemsconsortium/bind9:9.16 1.9s
=> [1/2] FROM docker.io/internetsystemsconsortium/bind9:9.16@sha256:741c12d794f1af570898d37288635366ead7d9a1ee4a 0.0s
=> CACHED [2/2] RUN chmod g+rwx /etc/bind 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:9cf71c8cd1ff3bab424702906965b1d597773d447820bb915fd8e19a44be44b8 0.0s
=> => naming to docker.io/library/mybind:latest
docker run mybind:latest ls -la /etc/bind
Results: Looks good.
total 56
drwxrwsr-x 2 root bind 4096 Sep 26 01:59 .
drwxr-xr-x 1 root root 4096 Sep 26 01:59 ..
-rw-r--r-- 1 root root 1991 Sep 16 07:55 bind.keys
-rw-r--r-- 1 root root 237 Sep 16 07:54 db.0
-rw-r--r-- 1 root root 271 Sep 16 07:54 db.127
-rw-r--r-- 1 root root 237 Sep 16 07:54 db.255
-rw-r--r-- 1 root root 353 Sep 16 07:54 db.empty
-rw-r--r-- 1 root root 270 Sep 16 07:54 db.local
-rw-r--r-- 1 root bind 463 Sep 16 07:54 named.conf
-rw-r--r-- 1 root bind 498 Sep 16 07:54 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Sep 16 07:54 named.conf.local
-rw-r--r-- 1 root bind 846 Sep 16 07:54 named.conf.options
-rw-r----- 1 bind bind 100 Sep 21 19:30 rndc.key
-rw-r--r-- 1 root root 1317 Sep 16 07:54 zones.rfc1918`
Ubuntu:
`docker image build -t mybind:latest .
Built fine
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM internetsystemsconsortium/bind9:9.16
---> 225a67715eb2
Step 2/2 : RUN chmod g+rwx /etc/bind
---> Running in 70f313e8dbaa
Removing intermediate container 70f313e8dbaa
---> 7bc872eeee26
Successfully built 7bc872eeee26
Successfully tagged mybind:latest
docker run mybind:latest ls -la /etc/bind
Ahhhh there it is. Permissions weren't applied.
total 56
drwxr-sr-x 2 root bind 4096 Sep 26 02:09 .
drwxr-xr-x 1 root root 4096 Sep 26 02:09 ..
-rw-r--r-- 1 root root 1991 Aug 20 12:41 bind.keys
-rw-r--r-- 1 root root 237 Aug 20 12:40 db.0
-rw-r--r-- 1 root root 271 Aug 20 12:40 db.127
-rw-r--r-- 1 root root 237 Aug 20 12:40 db.255
-rw-r--r-- 1 root root 353 Aug 20 12:40 db.empty
-rw-r--r-- 1 root root 270 Aug 20 12:40 db.local
-rw-r--r-- 1 root bind 463 Aug 20 12:40 named.conf
-rw-r--r-- 1 root bind 498 Aug 20 12:40 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Aug 20 12:40 named.conf.local
-rw-r--r-- 1 root bind 846 Aug 20 12:40 named.conf.options
-rw-r----- 1 bind bind 100 Aug 25 14:43 rndc.key
-rw-r--r-- 1 root root 1317 Aug 20 12:40 zones.rfc1918`
Describe the results you expected:
I expected that the /etc/bind directory would have the same permissions applied regardless of which host OS it was built and run on. The Windows machine produced the correct output but the Linux machine did not. The Linux mahcine should have applied the permission specified in the chmod command.
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version:
Windows Machine:
docker version
Client:
Cloud integration: 1.0.17
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:58:50 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:10 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Ubuntu Machine:
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:54:27 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:52:33 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Output of docker info:
Windows Machine:
docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
compose: Docker Compose (Docker Inc., v2.0.0-rc.3)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 16
Running: 2
Paused: 0
Stopped: 14
Images: 74
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 5.4.72-microsoft-standard-WSL2
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 12.26GiB
Name: docker-desktop
ID: 4AGM:KUYE:REOB:VIOU:TR6B:KCQA:RXAR:MMSV:7VKM:Z5CJ:L3LF:MX64
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
172.26.90.130:5000
127.0.0.0/8
Live Restore Enabled: false
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
Ubuntu Machine:
docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 4
Running: 0
Paused: 0
Stopped: 4
Images: 59
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.11.0-34-generic
Operating System: Ubuntu 20.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.629GiB
Name: curran-Aspire-7750
ID: DTM5:YG5Z:EEOS:MFBE:ZAXI:CSC7:OBPZ:R5J4:P6FB:GEWM:TPHT:VZ4Z
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional environment details (AWS, VirtualBox, physical, etc.):
OS info: Windows 10 Pro Version 20H2 OS build 19042.1237
OS info linux from running uname -a:
Linux myhostname 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Description
Steps to reproduce the issue:
`FROM internetsystemsconsortium/bind9:9.16
RUN chmod g+rwx /etc/bind
2. Run:docker image build -t mybind:latest .docker run mybind:latest ls -la /etc/bind`
3. Take note of the group permissions for directory: .
`FROM internetsystemsconsortium/bind9:9.16
RUN chmod g+rwx /etc/bind
5. Run:docker image build -t mybind:latest .docker run mybind:latest ls -la /etc/bind`
6. Notice the group permissions on . directory were not applied as the chmod command instructed.
Describe the results you received:
My results for the Windows machine:
`docker image build -t mybind:latest .
Builds fine
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 31B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/internetsystemsconsortium/bind9:9.16 1.9s
=> [1/2] FROM docker.io/internetsystemsconsortium/bind9:9.16@sha256:741c12d794f1af570898d37288635366ead7d9a1ee4a 0.0s
=> CACHED [2/2] RUN chmod g+rwx /etc/bind 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:9cf71c8cd1ff3bab424702906965b1d597773d447820bb915fd8e19a44be44b8 0.0s
=> => naming to docker.io/library/mybind:latest
docker run mybind:latest ls -la /etc/bind
Results: Looks good.
total 56
drwxrwsr-x 2 root bind 4096 Sep 26 01:59 .
drwxr-xr-x 1 root root 4096 Sep 26 01:59 ..
-rw-r--r-- 1 root root 1991 Sep 16 07:55 bind.keys
-rw-r--r-- 1 root root 237 Sep 16 07:54 db.0
-rw-r--r-- 1 root root 271 Sep 16 07:54 db.127
-rw-r--r-- 1 root root 237 Sep 16 07:54 db.255
-rw-r--r-- 1 root root 353 Sep 16 07:54 db.empty
-rw-r--r-- 1 root root 270 Sep 16 07:54 db.local
-rw-r--r-- 1 root bind 463 Sep 16 07:54 named.conf
-rw-r--r-- 1 root bind 498 Sep 16 07:54 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Sep 16 07:54 named.conf.local
-rw-r--r-- 1 root bind 846 Sep 16 07:54 named.conf.options
-rw-r----- 1 bind bind 100 Sep 21 19:30 rndc.key
-rw-r--r-- 1 root root 1317 Sep 16 07:54 zones.rfc1918`
Ubuntu:
`docker image build -t mybind:latest .
Built fine
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM internetsystemsconsortium/bind9:9.16
---> 225a67715eb2
Step 2/2 : RUN chmod g+rwx /etc/bind
---> Running in 70f313e8dbaa
Removing intermediate container 70f313e8dbaa
---> 7bc872eeee26
Successfully built 7bc872eeee26
Successfully tagged mybind:latest
docker run mybind:latest ls -la /etc/bind
Ahhhh there it is. Permissions weren't applied.
total 56
drwxr-sr-x 2 root bind 4096 Sep 26 02:09 .
drwxr-xr-x 1 root root 4096 Sep 26 02:09 ..
-rw-r--r-- 1 root root 1991 Aug 20 12:41 bind.keys
-rw-r--r-- 1 root root 237 Aug 20 12:40 db.0
-rw-r--r-- 1 root root 271 Aug 20 12:40 db.127
-rw-r--r-- 1 root root 237 Aug 20 12:40 db.255
-rw-r--r-- 1 root root 353 Aug 20 12:40 db.empty
-rw-r--r-- 1 root root 270 Aug 20 12:40 db.local
-rw-r--r-- 1 root bind 463 Aug 20 12:40 named.conf
-rw-r--r-- 1 root bind 498 Aug 20 12:40 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Aug 20 12:40 named.conf.local
-rw-r--r-- 1 root bind 846 Aug 20 12:40 named.conf.options
-rw-r----- 1 bind bind 100 Aug 25 14:43 rndc.key
-rw-r--r-- 1 root root 1317 Aug 20 12:40 zones.rfc1918`
Describe the results you expected:
I expected that the /etc/bind directory would have the same permissions applied regardless of which host OS it was built and run on. The Windows machine produced the correct output but the Linux machine did not. The Linux mahcine should have applied the permission specified in the chmod command.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
docker version:Windows Machine:
Ubuntu Machine:
Output of
docker info:Windows Machine:
Ubuntu Machine:
Additional environment details (AWS, VirtualBox, physical, etc.):
OS info: Windows 10 Pro Version 20H2 OS build 19042.1237
OS info linux from running uname -a:
Linux myhostname 5.11.0-34-generic #36~20.04.1-Ubuntu SMP Fri Aug 27 08:06:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux