Browse code
remove chmod 755: fixes #5941
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Tibor Vass authored on 2014/05/21 05:39:46Showing 6 changed files
- docs/sources/reference/builder.md
- integration-cli/build_tests/TestAdd/EtcToRoot/Dockerfile
- integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile
- integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile
- integration-cli/docker_cli_build_test.go
- server/buildfile.go
| ... | ... |
@@ -235,7 +235,9 @@ being built (also called the *context* of the build) or a remote file URL. |
| 235 | 235 |
`<dest>` is the absolute path to which the source will be copied inside the |
| 236 | 236 |
destination container. |
| 237 | 237 |
|
| 238 |
-All new files and directories are created with mode 0755, uid and gid 0. |
|
| 238 |
+All new files and directories are created with a uid and gid of 0. |
|
| 239 |
+ |
|
| 240 |
+In the case where `<src>` is a remote file URL, the destination will have permissions 600. |
|
| 239 | 241 |
|
| 240 | 242 |
> **Note**: |
| 241 | 243 |
> If you build using STDIN (`docker build - < somefile`), there is no |
| ... | ... |
@@ -5,5 +5,5 @@ RUN touch /exists |
| 5 | 5 |
RUN chown dockerio.dockerio /exists |
| 6 | 6 |
ADD test_file / |
| 7 | 7 |
RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
|
| 8 |
-RUN [ $(ls -l /test_file | awk '{print $1}') = '-rwxr-xr-x' ]
|
|
| 8 |
+RUN [ $(ls -l /test_file | awk '{print $1}') = '-rw-r--r--' ]
|
|
| 9 | 9 |
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
| ... | ... |
@@ -7,5 +7,5 @@ ADD test_dir /test_dir |
| 7 | 7 |
RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
|
| 8 | 8 |
RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
|
| 9 | 9 |
RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
|
| 10 |
-RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rwxr-xr-x' ]
|
|
| 10 |
+RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rw-r--r--' ]
|
|
| 11 | 11 |
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]
|
| ... | ... |
@@ -152,6 +152,21 @@ func TestAddWholeDirToRoot(t *testing.T) {
|
| 152 | 152 |
logDone("build - add whole directory to root")
|
| 153 | 153 |
} |
| 154 | 154 |
|
| 155 |
+func TestAddEtcToRoot(t *testing.T) {
|
|
| 156 |
+ buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd") |
|
| 157 |
+ buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "EtcToRoot") |
|
| 158 |
+ buildCmd.Dir = buildDirectory |
|
| 159 |
+ out, exitCode, err := runCommandWithOutput(buildCmd) |
|
| 160 |
+ errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
|
|
| 161 |
+ |
|
| 162 |
+ if err != nil || exitCode != 0 {
|
|
| 163 |
+ t.Fatal("failed to build the image")
|
|
| 164 |
+ } |
|
| 165 |
+ |
|
| 166 |
+ deleteImages("testaddimg")
|
|
| 167 |
+ logDone("build - add etc directory to root")
|
|
| 168 |
+} |
|
| 169 |
+ |
|
| 155 | 170 |
// Issue #5270 - ensure we throw a better error than "unexpected EOF" |
| 156 | 171 |
// when we can't access files in the context. |
| 157 | 172 |
func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
|
| ... | ... |
@@ -438,9 +438,6 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r |
| 438 | 438 |
if err := os.Lchown(path, uid, gid); err != nil && !os.IsNotExist(err) {
|
| 439 | 439 |
return err |
| 440 | 440 |
} |
| 441 |
- if err := os.Chmod(path, 0755); err != nil && !os.IsNotExist(err) {
|
|
| 442 |
- return err |
|
| 443 |
- } |
|
| 444 | 441 |
return nil |
| 445 | 442 |
}) |
| 446 | 443 |
} |