docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5953 from tiborvass/remove-chmod-755 

remove chmod 755: fixes #5941
This commit is contained in:
Michael Crosby 2014-05-21 12:27:06 -07:00
parent 29a192ca4d bb431a7190
commit 2ff4f71528
8 changed files with 41 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/sources/reference/builder.md
View File

@ -235,7 +235,9 @@ being built (also called the *context* of the build) or a remote file URL.
`<dest>` is the absolute path to which the source will be copied inside the `<dest>` is the absolute path to which the source will be copied inside the
destination container. destination container.
All new files and directories are created with mode 0755, uid and gid 0. All new files and directories are created with a uid and gid of 0.
In the case where `<src>` is a remote file URL, the destination will have permissions 600.
> **Note**: > **Note**:
> If you build using STDIN (`docker build - < somefile`), there is no > If you build using STDIN (`docker build - < somefile`), there is no

2
integration-cli/build_tests/TestAdd/EtcToRoot/Dockerfile Normal file
View File

@ -0,0 +1,2 @@
FROM scratch
ADD . /

2
integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile
View File

@ -5,5 +5,5 @@ RUN touch /exists
RUN chown dockerio.dockerio /exists RUN chown dockerio.dockerio /exists
ADD test_file / ADD test_file /
RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ] RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ]
RUN [ $(ls -l /test_file | awk '{print $1}') = '-rwxr-xr-x' ] RUN [ $(ls -l /test_file | awk '{print $1}') = '-rw-r--r--' ]
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ] RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]

0
integration-cli/build_tests/TestAdd/SingleFileToRoot/test_file
View File

2
integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile
View File

@ -7,5 +7,5 @@ ADD test_dir /test_dir
RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ] RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ]
RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ] RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ]
RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ] RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ]
RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rwxr-xr-x' ] RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rw-r--r--' ]
RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ] RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ]

0
integration-cli/build_tests/TestAdd/WholeDirToRoot/test_dir/test_file
View File

39
integration-cli/docker_cli_build_test.go
View File

@ -57,8 +57,13 @@ func TestBuildSixtySteps(t *testing.T) {
} }
func TestAddSingleFileToRoot(t *testing.T) { func TestAddSingleFileToRoot(t *testing.T) {
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd") buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd", "SingleFileToRoot")
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "SingleFileToRoot") f, err := os.OpenFile(filepath.Join(buildDirectory, "test_file"), os.O_CREATE, 0644)
if err != nil {
t.Fatal(err)
}
f.Close()
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", ".")
buildCmd.Dir = buildDirectory buildCmd.Dir = buildDirectory
out, exitCode, err := runCommandWithOutput(buildCmd) out, exitCode, err := runCommandWithOutput(buildCmd)
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err)) errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
@ -137,8 +142,17 @@ func TestAddDirContentToExistDir(t *testing.T) {
} }
func TestAddWholeDirToRoot(t *testing.T) { func TestAddWholeDirToRoot(t *testing.T) {
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd") buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd", "WholeDirToRoot")
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "WholeDirToRoot") test_dir := filepath.Join(buildDirectory, "test_dir")
if err := os.MkdirAll(test_dir, 0755); err != nil {
t.Fatal(err)
}
f, err := os.OpenFile(filepath.Join(test_dir, "test_file"), os.O_CREATE, 0644)
if err != nil {
t.Fatal(err)
}
f.Close()
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", ".")
buildCmd.Dir = buildDirectory buildCmd.Dir = buildDirectory
out, exitCode, err := runCommandWithOutput(buildCmd) out, exitCode, err := runCommandWithOutput(buildCmd)
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err)) errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
@ -152,6 +166,21 @@ func TestAddWholeDirToRoot(t *testing.T) {
logDone("build - add whole directory to root") logDone("build - add whole directory to root")
} }
func TestAddEtcToRoot(t *testing.T) {
buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd")
buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "EtcToRoot")
buildCmd.Dir = buildDirectory
out, exitCode, err := runCommandWithOutput(buildCmd)
errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
if err != nil || exitCode != 0 {
t.Fatal("failed to build the image")
}
deleteImages("testaddimg")
logDone("build - add etc directory to root")
}
// Issue #5270 - ensure we throw a better error than "unexpected EOF" // Issue #5270 - ensure we throw a better error than "unexpected EOF"
// when we can't access files in the context. // when we can't access files in the context.
func TestBuildWithInaccessibleFilesInContext(t *testing.T) { func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
@ -177,7 +206,7 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
// check if we've detected the failure before we started building // check if we've detected the failure before we started building
if !strings.Contains(out, "no permission to read from ") { if !strings.Contains(out, "no permission to read from ") {
t.Fatalf("output should've contained the string: no permission to read from ") t.Fatalf("output should've contained the string: no permission to read from but contained: %s", out)
} }
if !strings.Contains(out, "Error checking context is accessible") { if !strings.Contains(out, "Error checking context is accessible") {

3
server/buildfile.go
View File

@ -438,9 +438,6 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r
if err := os.Lchown(path, uid, gid); err != nil && !os.IsNotExist(err) { if err := os.Lchown(path, uid, gid); err != nil && !os.IsNotExist(err) {
return err return err
} }
if err := os.Chmod(path, 0755); err != nil && !os.IsNotExist(err) {
return err
}
return nil return nil
}) })
} }