moby: Bad permissions on a trusted container, but correct permissions locally
I’ve hit a bug where the Unix permissions are wrongly set when the image is built automatically (trusted build) but when I run the build locally (using the same Dockerfile) everything is fine.
How to reproduce:
$ docker --version
Docker version 0.11.1, build fb99f99
$ docker run -it tinyerp/sandbox-postgresql
root@4871d1b57a8e:/# service postgresql start
* Starting PostgreSQL 9.3 database server [ OK ]
root@4871d1b57a8e:/# sudo -u postgres createdb testdb
createdb: database creation failed: ERROR: could not create directory "base/16385": Permission denied
root@4871d1b57a8e:/# ls -l /var/lib/postgresql/9.3/main/
total 64
-rw------- 1 postgres postgres 4 May 18 16:16 PG_VERSION
drwxr-xr-x 8 root root 4096 May 18 16:20 base
drwx------ 2 postgres postgres 4096 May 18 16:20 global
drwx------ 2 postgres postgres 4096 May 18 16:20 pg_clog
drwxr-xr-x 6 root root 4096 May 18 16:20 pg_multixact
drwx------ 2 postgres postgres 4096 May 18 16:20 pg_notify
drwx------ 2 postgres postgres 4096 May 18 16:16 pg_serial
drwx------ 2 postgres postgres 4096 May 18 16:16 pg_snapshots
drwx------ 2 postgres postgres 4096 May 18 16:20 pg_stat
drwx------ 2 postgres postgres 4096 May 18 16:26 pg_stat_tmp
drwx------ 2 postgres postgres 4096 May 18 16:20 pg_subtrans
drwx------ 2 postgres postgres 4096 May 18 16:16 pg_tblspc
drwx------ 2 postgres postgres 4096 May 18 16:16 pg_twophase
drwx------ 3 postgres postgres 4096 May 18 16:20 pg_xlog
-rw------- 1 postgres postgres 133 May 18 16:20 postmaster.opts
-rw------- 1 postgres postgres 98 May 18 16:20 postmaster.pid
root@4871d1b57a8e:/#
The directories base and pg_multixact are wrongly owned by root when they should be owned by postgres.
This is the Dockerfile published (https://index.docker.io/u/tinyerp/sandbox-postgresql/):
# DOCKER-VERSION 0.11.1
FROM ubuntu:14.04
RUN mv /usr/bin/ischroot /usr/bin/chroot.orig \
&& ln -s /bin/true /usr/bin/ischroot \
&& export DEBIAN_FRONTEND=noninteractive LANG && apt-get update \
&& apt-get install -y --no-install-recommends language-pack-en \
&& update-locale LANG=en_US.UTF-8 && . /etc/default/locale \
&& apt-get install -y postgresql-9.3
RUN pg_ctlcluster 9.3 main start && pg_ctlcluster 9.3 main stop
CMD ["/bin/bash", "--login"]
The last RUN pg_ctlcluster instruction starts and stops the PostgreSQL server in order to create a DB user. (I removed the createuser -d openerp while troubleshooting the issue).
I’m puzzled why it builds without this error locally, but the image is built wrong on the public registry.
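A check for the symptom shown in the listing above, added here as an example (it is not part of the original issue or of Docker): it walks a directory and fails when any entry is not owned by the expected user, so an image with root-owned base or pg_multixact is caught at build or test time. The function names list_wrong_owner and assert_owner are hypothetical, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example: ownership audit for a data directory.
# Assumes GNU find/stat (as shipped in the ubuntu:14.04 base image).

# list_wrong_owner DIR USER[:GROUP]
# Prints "owner:group mode path" for every entry under DIR (DIR included)
# whose owner, and group when one is given, differs from the expected value.
list_wrong_owner() {
    dir=$1
    want=$2
    find "$dir" -exec stat -c '%U:%G %A %n' {} + |
        awk -v want="$want" '
            {
                split($1, og, ":")
                # Compare owner:group only if the caller supplied a group.
                have = (want ~ /:/) ? $1 : og[1]
                if (have != want) print
            }'
}

# assert_owner DIR USER[:GROUP]
# Returns 0 when every entry matches, 1 when offenders exist (listed on
# stderr), 2 when DIR is missing. A non-zero status fails a RUN step or CI job.
assert_owner() {
    if [ ! -d "$1" ]; then
        printf 'ownership check: %s is not a directory\n' "$1" >&2
        return 2
    fi
    bad=$(list_wrong_owner "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'ownership check failed for %s (expected %s):\n%s\n' \
            "$1" "$2" "$bad" >&2
        return 1
    fi
    return 0
}

# Usage with the path and user from this report:
#   assert_owner /var/lib/postgresql/9.3/main postgres
```

Run against the pulled image rather than only inside the Dockerfile, since the report is that the registry-built image differs from the local build.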
About this issue
- State: closed
- Created 10 years ago
- Comments: 16 (3 by maintainers)
Commits related to this issue
- Switched to manually created docker image * We use the manually created docker image as docker hub creates with the same Dockerfile invalid images (https://github.com/dotcloud/docker/issues/5892) — committed to ubuntu/ubuntu-make by didrocks 10 years ago
- Dockerfile and 99docker.conf: Changed to have Gate One run as root since Docker's automated build process doesn't work with non-root users at the moment (see: https://github.com/docker/docker/issues/5... — committed to liftoff/GateOne by liftoff 10 years ago
Ran into this problem with trusted builds (https://registry.hub.docker.com/u/tanmaykm/juliabox_dev/) and wasted a ton of effort trying to figure it out before I ran into this report.
My Dockerfile creates a user and switches to it before running further commands. The user’s home directory ownership is incorrect and files created with some of the commands have incorrect ownership.
Added a chown to counter it, but that too is not reliable.