bash under alpine:edge failed in testing file writable

alpinelinux / docker-alpine

Official Alpine Linux Docker image. Win at minimalism!

MIT License

1.1k stars 264 forks source link

bash under alpine:edge failed in testing file writable #156

Open ouyangde opened 3 years ago

ouyangde commented 3 years ago

Steps to reproduce:

root@vm ~# docker run --rm -it alpine:edge sh / # apk --update add bash fetch https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz (1/4) Installing ncurses-terminfo-base (6.2_p20210306-r0) (2/4) Installing ncurses-libs (6.2_p20210306-r0) (3/4) Installing readline (8.1.0-r0) (4/4) Installing bash (5.1.4-r0) Executing bash-5.1.4-r0.post-install Executing busybox-1.33.0-r2.trigger OK: 8 MiB in 18 packages / # touch test / # bash -c '[ -w test ] && echo 1' / # sh -c '[ -w test ] && echo 1' 1 / # exit

Version to reproduce: (Result from docker inspect alpine:edge)

"Id": "sha256:34dac78053209f08ed66b41b4730ac08603e06a1888072d7145efb68a3b2aa8a", "RepoTags": [ "alpine:edge" ], "RepoDigests": [ "alpine@sha256:78b6d0a9e7a5b3d2aa1c10932f08272d360a9b35e80b3cc5fb04b30e04fecf4b" ], "Parent": "", "Comment": "", "Created": "2021-02-12T20:19:59.864166354Z",

fabiorauber commented 3 years ago

Found an issue to check if file is readable in library/alpine:3.14: the file has read permission for everyone (checked) but the test returns an error code:

bash-5.1# [[ -r /etc/dehydrated/domains.txt ]]
bash-5.1# echo $?
1
bash-5.1# ls -alh /etc/dehydrated/
total 32K
drwxr-xr-x    1 root     root        4.0K Jun 29 18:30 .
drwxr-xr-x    1 root     root        4.0K Jun 29 18:20 ..
-rw-r--r--    1 root     root          96 Jun 29 18:30 domains.txt

fabiorauber commented 3 years ago

Reverting to library/alpine:3.13 fixed the issue, for me.

bash-5.1# [[ -r domains.txt ]]
bash-5.1# echo $?
0

macmeck commented 3 years ago

very annoying bug, I stumbled upon this one myself. Still present in the current version of alpine:3.14

Any suggestions on how to tackle or any WIP on this? going back to 3.13 might not be the smartest solution here.

mk-dhia commented 3 years ago

This is related to faccessat2 syscall has been enabled in musl in alpine starting 3.14. Due to a bug in runc it fails if your kernel do not support faccessat2. Short answer update runc to >= 1.0.0-rc93 or update kernel to 5.8 (upgrading kernel should work but i haven't tested it)
Detail in release note https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2 Bug in runc (fixed in 1.0.0-rc93 ) https://github.com/opencontainers/runc/issues/2151

gendergap commented 3 years ago

This also seems to affect the executable test in Alpine 3.14:

$> docker run -it alpine:3.14 /bin/sh
/ # apk update && apk add bash 
...
/ # bash
bash-5.1# if [ ! -x /bin/bash ]; then echo "I should not get printed!"; fi
I should not get printed!
bash-5.1#

Not sure whether this is worth a new issue here?

lff0305 commented 2 years ago

Same issue on alpine:3.15.0 and alpine:edge.

Directory test also failed ( test -x /tmp then echo $? , got 1 )

SaberStrat commented 1 year ago

And issue exists in alpine images 3.17.2, 3.17.3