GoogleContainerTools / kaniko

Build Container Images In Kubernetes
Apache License 2.0

ADD --chown does not chown the created folders #2415

Closed QuentinN42 closed 11 months ago

QuentinN42 commented 1 year ago

Actual behavior

Running ADD with chown within a context with USER does not create the dir with the right perms.

Expected behavior

Creating a directory needs to allow the user to edit it.

In docker, I get:

 => => # uid=1000(1000) gid=1000(1000) groups=1000(1000)
 => => # total 12
 => => # drwxr-xr-x 2 1000 1000 4096 Mar  4 21:08 .
 => => # drwxr-xr-x 3 1000 1000 4096 Mar  4 21:08 ..
 => => # -rw-r--r-- 1 1000 1000  155 Mar  4 21:08 Dockerfile

In kaniko, I get:

uid=1000(1000) gid=1000(1000) groups=1000(1000)
total 12
drwxr-xr-x 2 root root 4096 Mar  4 21:06 .
drwxr-xr-x 3 root root 4096 Mar  4 21:06 ..
-rw-r--r-- 1 1000 1000  144 Mar  4 21:06 Dockerfile

To Reproduce

Steps to reproduce the behavior:

  1. FROM any image
  2. Create a user (RUN useradd ...)
  3. ADD with --chown a file with a target folder that does not exist
  4. Try to create another dir in it with a RUN command

Additional Information

Dockerfile (this is the only context)

FROM debian:bullseye-20220801-slim

RUN useradd 1000
USER 1000

ADD --chown=1000:1000 Dockerfile /path/to/Dockerfile

RUN id ; ls -la /path/to/

The command I run:

> docker run -it --rm -v `pwd`:/work gcr.io/kaniko-project/executor:debug --context /work --dockerfile /work/Dockerfile --no-push
INFO[0000] Retrieving image manifest debian:bullseye-20220801-slim 
INFO[0000] Retrieving image debian:bullseye-20220801-slim from registry index.docker.io 
INFO[0001] Built cross stage deps: map[]                
INFO[0001] Retrieving image manifest debian:bullseye-20220801-slim 
INFO[0001] Returning cached image manifest              
INFO[0001] Executing 0 build triggers                   
INFO[0001] Building stage 'debian:bullseye-20220801-slim' [idx: '0', base-idx: '-1'] 
INFO[0001] Unpacking rootfs as cmd RUN useradd 1000 requires it. 
INFO[0003] RUN useradd 1000                             
INFO[0003] Initializing snapshotter ...                 
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] Cmd: /bin/sh                                 
INFO[0003] Args: [-c useradd 1000]                      
INFO[0003] Running: [/bin/sh -c useradd 1000]           
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] USER 1000                                    
INFO[0003] Cmd: USER                                    
INFO[0003] Using files from context: [/work/Dockerfile] 
INFO[0003] ADD --chown=1000:1000 Dockerfile /path/to/Dockerfile 
INFO[0003] Taking snapshot of files...                  
INFO[0003] RUN id ; ls -la /path/to/                    
INFO[0003] Cmd: /bin/sh                                 
INFO[0003] Args: [-c id ; ls -la /path/to/]             
INFO[0003] Util.Lookup returned: &{Uid:1000 Gid:1000 Username:1000 Name: HomeDir:/home/1000} 
INFO[0003] Performing slow lookup of group ids for 1000 
INFO[0003] Running: [/bin/sh -c id ; ls -la /path/to/]  
uid=1000(1000) gid=1000(1000) groups=1000(1000)
total 12
drwxr-xr-x 2 root root 4096 Mar  4 21:06 .
drwxr-xr-x 3 root root 4096 Mar  4 21:06 ..
-rw-r--r-- 1 1000 1000  144 Mar  4 21:06 Dockerfile
INFO[0003] Taking snapshot of full filesystem...        
INFO[0003] No files were changed, appending empty layer to config. No layer added to image. 
INFO[0003] Skipping push to container registry due to --no-push flag 

Build sha : sha256:ac169723b2076f9d5804f4bc05c98397e286da6fdcdd5a09fdc179f06ccb3be1

Triage Notes for the Maintainers

| Description | Yes/No |
| --- | --- |
| Please check if this is a new feature you are proposing | [x] |
| Please check if the build works in docker but not in kaniko | [x] |
| Please check if this error is seen when you use --cache flag | [x] |
| Please check if your dockerfile is a multistage dockerfile | [x] |

QuentinN42 commented 1 year ago

If you tell me where I need to code, I can open an MR to solve the issue.

jochenberger commented 1 year ago

Duplicate of #1524?
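
The ownership behaviour the report expects (both `/path` and `/path/to` owned by 1000 in the Docker output), as an added Go example that is not kaniko's code and not part of the issue thread: the hypothetical helper `mkdirAllChown` creates the missing parent directories and chowns each one it created. Leaving already-existing ancestors untouched is an assumption of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// mkdirAllChown (hypothetical name) creates dir and any missing ancestors and
// chowns only the directories it created to uid:gid. Ancestors that already
// exist keep their owner. It returns the created directories, outermost first.
func mkdirAllChown(dir string, perm os.FileMode, uid, gid int) ([]string, error) {
	var missing []string
	// Walk up until an existing directory is found, recording what is missing.
	for p := filepath.Clean(dir); ; p = filepath.Dir(p) {
		info, err := os.Lstat(p)
		if err == nil {
			if !info.IsDir() { // Lstat: a symlink in the way is rejected too
				return nil, fmt.Errorf("%s exists and is not a directory", p)
			}
			break
		}
		if !os.IsNotExist(err) {
			return nil, err
		}
		missing = append([]string{p}, missing...)
		if p == filepath.Dir(p) { // reached the top without finding anything
			break
		}
	}
	for _, p := range missing {
		if err := os.Mkdir(p, perm); err != nil { // perm is subject to umask
			return nil, err
		}
		// Chown right after creation so no created level stays root-owned.
		if err := os.Chown(p, uid, gid); err != nil {
			return nil, err
		}
	}
	return missing, nil
}

func main() {
	root, _ := os.MkdirTemp("", "chown-demo") // constructed scratch directory
	defer os.RemoveAll(root)
	// The current uid/gid is used so the demo runs unprivileged; a builder
	// running as root would pass the --chown target (1000:1000 in the issue).
	created, err := mkdirAllChown(filepath.Join(root, "path", "to"), 0o755, os.Getuid(), os.Getgid())
	fmt.Println(created, err)
}
```
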