Unable to change VOLUME mount point permissions and owner after volume is declared

[Peter-Sh]

Description

Permissions (and owner) of volume directory cannot be changed after VOLUME directive is applied in current or parent image.

This seems to be default behaviour for docker, but works with DOCKER_BUILDKIT=1 and as such may be considered a useful feature.

The use case is to change directory permissions of /data volume declared in parent image to be able to run image in restricted environment (openshift with changing uids). If volume is declared in parent image you have to fully copy parent Dockerfile in order to just change permissions (and owner) of volume mount point.

Steps to reproduce the issue:

Tested with latest stable and testing buildah.

buildah bud --no-cache -<<DOCKERFILE
FROM alpine:3.16.2
RUN mkdir /data && chmod 600 /data
VOLUME /data
RUN chgrp -R 0 /data && chmod g=rwxs -R /data
RUN ls -aldh /data
DOCKERFILE

Describe the results you received:

STEP 5/5: RUN ls -aldh /data
drw-------    2 root     root           6 Nov  8 16:16 /data

Describe the results you expected:

Results of docker build with DOCKER_BUILDKIT=1

#7 [4/4] RUN ls -aldh /data
#7 sha256:73312dd88ff870fc9d847b569c92d2bbd675bdf4b8e2acb24cca091891102028
#7 0.248 drw-rws---    1 root     root           6 Nov  8 16:17 /data

[rhatdan]

I think we should follow Buildkit defaults. @flouthoc PTAL

[flouthoc]

I agree we should default to buildkit's behavior I'll open a PR for this.

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@flouthoc any progress?

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[flouthoc]

Removing stale.

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@flouthoc Reminder

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.