Description
When using configs: to inject a file from within Docker Compose, the file permissions become 440 instead of 444 as expected by the documentation here: https://docs.docker.com/reference/compose-file/services/#configs
Steps To Reproduce
Create a compose file with some container and the following:
    configs:
      - source: init-mongo.js
        target: /docker-entrypoint-initdb.d/init-mongo.js
Observe that the permissions are not "world readable" as per the defaults described in the docs.
    docker exec -it my_container bash
    root@0104be4681ac:/# ls -la /docker-entrypoint-initdb.d/
    total 12
    drwxr-xr-x 1 root root 4096 Apr 29 23:08 .
    drwxr-xr-x 1 root root 4096 Apr 29 23:08 ..
    -r--r----- 1 root root  238 Apr 29 23:08 init-mongo.js
    root@0104be4681ac:/#
Explicitly set the file permissions with the 'mode' keyword. Then observe that the permissions are as configured.
    configs:
      - source: init-mongo.js
        target: /docker-entrypoint-initdb.d/init-mongo.js
        mode: 0444
    docker exec -it my_container bash
    root@3f3c2d84cb04:/# ls -la /docker-entrypoint-initdb.d/
    total 12
    drwxr-xr-x 1 root root 4096 Apr 29 23:11 .
    drwxr-xr-x 1 root root 4096 Apr 29 23:11 ..
    -r--r--r-- 1 root root  238 Apr 29 23:11 init-mongo.js
    root@3f3c2d84cb04:/#
Observed on Docker Compose version v2.34.0 on Ubuntu22
Ran into the issue with the MongoDB container/service in this compose file (which seems to rely on the default permissions being 0444 as per the documentation): https://github.com/GiuseppeGalilei/Unifi-Network-Application/blob/main/Unifi%20network%20Application%20-%20Generic/docker-compose.yml
Compose Version
Docker Compose version v2.34.0
Docker Environment
    Client: Docker Engine - Community
     Version: 28.0.4
     Context: default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version: v0.22.0
        Path: /usr/libexec/docker/cli-plugins/docker-buildx
      compose: Docker Compose (Docker Inc.)
        Version: v2.34.0
        Path: /usr/libexec/docker/cli-plugins/docker-compose
      scan: Docker Scan (Docker Inc.)
        Version: v0.23.0
        Path: /usr/libexec/docker/cli-plugins/docker-scan

    Server:
     Containers: 8
      Running: 8
      Paused: 0
      Stopped: 0
     Images: 12
     Server Version: 28.0.4
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Using metacopy: false
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: systemd
     Cgroup Version: 2
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 753481ec61c7c8955a23d6ff7bc8e4daed455734
     runc version: v1.2.5-0-g59923ef
     init version: de40ad0
     Security Options:
      apparmor
      seccomp
       Profile: builtin
      cgroupns
     Kernel Version: 5.15.0-135-generic
     Operating System: Ubuntu 22.04.5 LTS
     OSType: linux
     Architecture: x86_64
     CPUs: 4
     Total Memory: 3.82GiB
     Name: ubuntua22
     ID: 6Y7Q:D2IL:YIVU:LMJR:ZAAT:TJNV:OPKW:IQXC:GRTJ:JBI2:ZLVS:C3NA
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Experimental: true
     Insecure Registries:
      ::1/128
      127.0.0.0/8
     Live Restore Enabled: false
Anything else?
No response
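
Why the 0440 versus 0444 difference reported above matters for a service that does not run as root, as an added example (not code from the issue or from Docker Compose): it applies the POSIX owner/group/other read check to files created with both modes. The helper names, the temporary files and the non-root service identity are assumptions made for illustration.

```python
import os
import stat
import tempfile


def can_read(mode, owner_uid, owner_gid, uid, gids):
    """POSIX read check: only the first matching class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root normally bypasses mode bits (CAP_DAC_OVERRIDE)
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit(path, uid, gids):
    """Stat a mounted file and report whether the given identity could read it."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "mode": format(mode, "04o"),
        "owner": (st.st_uid, st.st_gid),
        "readable": can_read(mode, st.st_uid, st.st_gid, uid, gids),
    }


def demo():
    """Constructed sample: one file per mode from the issue, checked for a non-root identity."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode in (0o440, 0o444):
            path = os.path.join(tmp, f"init-mongo-{mode:o}.js")
            with open(path, "w") as fh:
                fh.write("// constructed placeholder\n")
            os.chmod(path, mode)
            st = os.stat(path)
            # Hypothetical service identity: not root, shares neither owner UID nor GID.
            uid, gid = st.st_uid + 1000, st.st_gid + 1000
            results[format(mode, "04o")] = audit(path, uid, {gid})["readable"]
    return results


if __name__ == "__main__":
    print(demo())
```

Run inside a container, `audit()` can be pointed at the config target path with the service's own UID and group set, which shows whether an explicit `mode:` is needed.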