moby: AUFS broken permissions?

docker info

Containers: 7
 Running: 0
 Paused: 0
 Stopped: 7
Images: 59
Server Version: 1.10.0
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 51
 Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
 Volume: local
 Network: bridge null host
Kernel Version: 4.1.17-boot2docker
Operating System: Boot2Docker 1.10.0 (TCL 6.4.1); master : b09ed60 - Thu Feb  4 20:16:08 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 996.2 MiB
Name: pouet2
ID: 6J3W:3S7J:QA6U:2JLY:PEPW:6WNL:4P6N:PWFB:U2XT:KP3S:HDFT:E6QU
Debug mode (server): true
 File Descriptors: 10
 Goroutines: 22
 System Time: 2016-02-11T18:32:54.290248331Z
 EventsListeners: 0
 Init SHA1:
 Init Path: /usr/local/bin/docker
 Docker Root Dir: /mnt/sda1/var/lib/docker
Username: dmp42
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualbox

Dockerfile:

FROM debian:jessie

# Creating test account
RUN adduser --quiet testing

# Copy contrib folder
COPY ./ /home/testing/
RUN chown -R testing:testing /home/testing/

RUN ls -lA /home/testing/contrib

USER testing

RUN ls -lA /home/testing/contrib

To reproduce, be sure to have a contrib folder in the current directory, with at least one subfolder.

Result:

docker build .

Step 5 : RUN ls -lA /home/testing/contrib
 ---> Running in 14b2711f2a50
total 20
drwx------ 2 testing testing 4096 Feb 11 18:31 apache
drwxr-xr-x 2 testing testing 4096 Feb 11 18:31 ceph
drwx------ 4 testing testing 4096 Feb 11 18:31 compose
drwxr-xr-x 4 testing testing 4096 Feb 11 18:31 docker-integration
drwx------ 6 testing testing 4096 Feb 11 18:31 testing
 ---> 4b3a7bdb66d0
Removing intermediate container 14b2711f2a50
Step 6 : USER testing
 ---> Running in c3b0cb5a323e
 ---> c2742d90a5fb
Removing intermediate container c3b0cb5a323e
Step 7 : RUN ls -lA /home/testing/contrib
 ---> Running in 789914bc918e
ls: cannot access /home/testing/contrib/testing: Permission denied
ls: cannot access /home/testing/contrib/compose: Permission denied
ls: cannot access /home/testing/contrib/docker-integration: Permission denied
ls: cannot access /home/testing/contrib/apache: Permission denied
ls: cannot access /home/testing/contrib/ceph: Permission denied
total 0
d????????? ? ? ? ?            ? apache
d????????? ? ? ? ?            ? ceph
d????????? ? ? ? ?            ? compose
d????????? ? ? ? ?            ? docker-integration
d????????? ? ? ? ?            ? testing
The command '/bin/sh -c ls -lA /home/testing/contrib' returned a non-zero code: 1

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 20 (9 by maintainers)

Most upvoted comments

patch has been added to aufs >=4.(x>=1)-20160905

If you have an older aufs version <4.1 because of an older kernel I guess the only option is to apply the patch manually.

https://github.com/sfjro/aufs4-standalone/commit/625634d1dc3e6a0d03fbd918c074912797f5903b#diff-766898e31d29972e93ec410af8228d9a

@otherjason I’ve emailed aufs-users at lists.sourceforge.net; hopefully someone will be able to review.

Hi,

I’ve been beaten by this bug a few hours ago.

I can confirm the behaviour: you get broken permissions (???) until you first “access” the resource as root. As stated by someone else, a simple “ls” as root first will fix everything. I’ve actually added the following to my entrypoint logic:

ls -laR /

Env info:

$ sudo docker --version
Docker version 1.11.1, build 5604cbe
$ sudo docker info
Containers: 2
 Running: 2
 Paused: 0
 Stopped: 0
Images: 169
Server Version: 1.11.1
Storage Driver: aufs
 Root Dir: /space/docker/aufs
 Backing Filesystem: extfs
 Dirs: 416
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 3.16.0-71-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.41 GiB
Name: lp01696
ID: KJ3L:FMBL:L2TX:PR6V:R3KK:OJR3:L4B2:UQEH:TZP4:QICF:KI33:3X53
Docker Root Dir: /space/docker
Debug mode (client): false
Debug mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
$ uname -a
Linux ------- 3.16.0-71-generic #92~14.04.1-Ubuntu SMP Thu May 12 23:31:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:        14.04
Codename:       trusty

Cheers, Francesco

Workaround: Run ls -R /home/testing as root before any other command.
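
A check for the symptom in the Step 7 listing, as an added example that is not part of the original issue or its comments: it reads `ls -lA` output and names the entries that were listed but could not be stat-ed. The function names `unstatable_entries` and `check_dir` are hypothetical, and the sample listings are constructed from the build log above.

```shell
#!/bin/sh
# Added example, not from the issue thread. Function names are hypothetical.

# Read `ls -lA` output on stdin and print the name of every entry whose
# metadata ls could not read. ls fills the permission bits, link count,
# owner, group, size and date of such an entry with '?'.
unstatable_entries() {
    awk '
        # Field 1: one file-type character followed by nine "?".
        $1 ~ /^.[?][?][?][?][?][?][?][?][?]$/ && NF >= 7 {
            name = $7
            for (i = 8; i <= NF; i++) name = name " " $i  # name with spaces
            print name
        }'
}

# List DIR as the current user; return 1 if any entry is unstatable,
# 2 if DIR is not a directory the caller can see, 0 otherwise.
check_dir() {
    [ -d "$1" ] || return 2
    bad=$(LC_ALL=C ls -lA "$1" 2>/dev/null | unstatable_entries)
    [ -z "$bad" ] && return 0
    printf 'entries that cannot be stat-ed in %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Constructed samples, shortened from the Step 7 and Step 5 listings above.
sample_broken() {
    cat <<'EOF'
ls: cannot access /home/testing/contrib/apache: Permission denied
total 0
d????????? ? ? ? ?            ? apache
d????????? ? ? ? ?            ? ceph
d????????? ? ? ? ?            ? compose
EOF
}
sample_healthy() {
    cat <<'EOF'
total 20
drwx------ 2 testing testing 4096 Feb 11 18:31 apache
drwxr-xr-x 2 testing testing 4096 Feb 11 18:31 ceph
drwx------ 4 testing testing 4096 Feb 11 18:31 compose
EOF
}
```

Running `check_dir /home/testing/contrib` as the unprivileged user, for instance from the entrypoint, turns the `d?????????` rows into a non-zero exit status that a build or start-up script can act on.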