COPY --from doesn't preserve setuid (access permissions) · Issue #37830 · moby/moby

Description

FROM debian:stretch-slim
RUN test $(stat -c %a /bin/su) = 4755

this succeeds

FROM debian:stretch-slim
COPY --from=0 /bin/su /su
RUN test $(stat -c %a /su) = 4755

this fails

Steps to reproduce the issue:

  1. docker build .
  2. cry

Describe the results you received:
Failure

Describe the results you expected:
Success

Output of docker version:

Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.11
 Git commit:        e68fc7a215
 Built:             Fri Sep  7 11:26:59 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.11
  Git commit:       e68fc7a215
  Built:            Fri Sep  7 11:26:11 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker info:

Containers: 9
 Running: 0
 Paused: 0
 Stopped: 9
Images: 798
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.18.6-arch1-1-ARCH
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.65GiB
Name: frebib-PC.nerdhouse.io
ID: T3HP:CA5T:RSEV:IILS:HWEK:OVLC:DPDT:XWA7:NST3:2T4V:TLMF:SLJY
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: frebib
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false