rocky-linux / sig-cloud-instance-images


Latest 8 and 9 images do not seem to have a sticky bit for /tmp #38

Open riton opened 1 year ago

riton commented 1 year ago

Description

I can't figure out why, but it looks like the latest rockylinux/rockylinux:8 and rockylinux/rockylinux:9 do not have a sticky bit positioned on /tmp.

What I've observed

rockylinux/rockylinux:8 (currently pointing to 8.7)

```
❯ docker run --pull always --rm rockylinux/rockylinux:8 /bin/ls -laFd /tmp
8: Pulling from rockylinux/rockylinux
Digest: sha256:481069b40ad8f8dc89b5ac2fa3f5fb1c24fc330656b58165983ad5c658349818
Status: Image is up to date for rockylinux/rockylinux:8
drwxrwxrwx 2 root root 4096 Nov 12 16:19 /tmp/
```

rockylinux/rockylinux:9 (currently pointing to 9.1)

```
❯ docker run --pull always --rm rockylinux/rockylinux:9 /bin/ls -laFd /tmp
9: Pulling from rockylinux/rockylinux
Digest: sha256:17118eed054bce9a57b03140b4aeb961297fdeb3aa680f4f2f74d341818613ea
Status: Image is up to date for rockylinux/rockylinux:9
drwxrwxrwx 2 root root 4096 Nov 23 15:10 /tmp/
```

Previous behavior

The sticky bit was there in the previous minor image version.

rockylinux/rockylinux:8.6

```
❯ docker run --pull always --rm rockylinux/rockylinux:8.6 /bin/ls -laFd /tmp
8.6: Pulling from rockylinux/rockylinux
Digest: sha256:fc370d748f4cd1e6ac3d1b6460fb82201897fa15a16f43e947940df5aca1a56e
Status: Image is up to date for rockylinux/rockylinux:8.6
drwxrwxrwt 2 root root 4096 Jul  7 15:33 /tmp/
```

rockylinux/rockylinux:9.0

```
❯ docker run --pull always --rm rockylinux/rockylinux:9.0 /bin/ls -laFd /tmp
9.0: Pulling from rockylinux/rockylinux
Digest: sha256:ae6a9dde882e4234324850d6fadf15c6a9cfc8a064052fd87530efe0f775dea2
Status: Image is up to date for rockylinux/rockylinux:9.0
drwxrwxrwt 2 root root 4096 Jul 12 13:05 /tmp/
```

Software versions

docker version

```
❯ docker version
Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:01:58 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       3056208
  Built:            Tue Oct 25 17:59:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.10
  GitCommit:        770bd0108c32f3fb5c73ae1264f7e503fe7b2661
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

O.S version

```
❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy
```

Kernel version

```
❯ uname -a
Linux XXXXX 5.15.0-53-generic #59-Ubuntu SMP Mon Oct 17 18:53:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
```

Investigations

I've quickly looked at the various layer.tar.xz files and it seems that the sticky bit is there.

I don't really understand where it can disappear :shrug: Any help would be really appreciated.

Regards

Rémi

NeilHanlon commented 1 year ago

Apologies for the latency. This is a weird one. Let me investigate more and see if this continues in the latest images I've built. As you say, the sticky bit is there on the tarfile, so I'm not sure why the build process is stripping it, seemingly.
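
The check both comments describe, looking for the sticky bit on /tmp in a layer tarball and then on the resulting filesystem, can be scripted so it runs on every image build. This is an added example, not part of the original issue or the project's tooling; the function names are hypothetical and the sample layers are constructed in memory.

```python
import io
import os
import posixpath
import stat
import tarfile


def lacks_sticky(mode):
    """True for a world-writable mode that is missing the sticky bit (e.g. 0777)."""
    perms = stat.S_IMODE(mode)
    return bool(perms & stat.S_IWOTH) and not perms & stat.S_ISVTX


def audit_layer(fileobj):
    """Map path -> octal mode for world-writable dirs without sticky bit in a layer tar."""
    findings = {}
    # "r:*" lets tarfile auto-detect plain, gzip, bzip2 or xz compression.
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.isdir() and lacks_sticky(member.mode):
                path = posixpath.normpath("/" + member.name.lstrip("/"))
                findings[path] = oct(stat.S_IMODE(member.mode))
    return findings


def audit_dir(path):
    """Same check against a directory on a mounted or extracted filesystem."""
    st = os.stat(path)
    return stat.S_ISDIR(st.st_mode) and lacks_sticky(st.st_mode)


def build_sample_layer(tmp_mode):
    """Constructed sample: an in-memory xz layer holding ./etc and ./tmp only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        for name, mode in (("./etc", 0o755), ("./tmp", tmp_mode)):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = mode
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, mode in (("layer with 1777 /tmp", 0o1777), ("layer with 0777 /tmp", 0o777)):
        print(label, audit_layer(build_sample_layer(mode)))
    print("/tmp on this host lacks sticky bit:", audit_dir("/tmp"))
```

An empty result from `audit_layer` combined with a `True` from `audit_dir` on the running container's /tmp reproduces the situation reported here: the mode is correct in the tarball and lost somewhere after it.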