docker-alpine icon indicating copy to clipboard operation
docker-alpine copied to clipboard

Published 20 hours ago verified publisher icon alpinelinux

bash under alpine:edge failed in testing file writable

Open ouyangde opened this issue 3 years ago • 7 comments

Steps to reproduce:

   root@vm ~# docker run --rm -it alpine:edge sh
   / # apk --update add bash
   fetch https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
   (1/4) Installing ncurses-terminfo-base (6.2_p20210306-r0)
   (2/4) Installing ncurses-libs (6.2_p20210306-r0)
   (3/4) Installing readline (8.1.0-r0)
   (4/4) Installing bash (5.1.4-r0)
   Executing bash-5.1.4-r0.post-install
   Executing busybox-1.33.0-r2.trigger
   OK: 8 MiB in 18 packages
   / # touch test
   / # bash -c '[ -w test ] && echo 1'
   / # sh -c '[ -w test ] && echo 1'
   1
   / # exit

Version to reproduce: (Result from docker inspect alpine:edge)

    "Id": "sha256:34dac78053209f08ed66b41b4730ac08603e06a1888072d7145efb68a3b2aa8a",
    "RepoTags": [
        "alpine:edge"
    ],
    "RepoDigests": [
        "alpine@sha256:78b6d0a9e7a5b3d2aa1c10932f08272d360a9b35e80b3cc5fb04b30e04fecf4b"
    ],
    "Parent": "",
    "Comment": "",
    "Created": "2021-02-12T20:19:59.864166354Z",

ouyangde avatar Mar 12 '21 01:03 ouyangde

Found an issue to check if file is readable in library/alpine:3.14: the file has read permission for everyone (checked) but the test returns an error code:

bash-5.1# [[ -r /etc/dehydrated/domains.txt ]]
bash-5.1# echo $?
1
bash-5.1# ls -alh /etc/dehydrated/
total 32K
drwxr-xr-x    1 root     root        4.0K Jun 29 18:30 .
drwxr-xr-x    1 root     root        4.0K Jun 29 18:20 ..
-rw-r--r--    1 root     root          96 Jun 29 18:30 domains.txt

fabiorauber avatar Jun 29 '21 18:06 fabiorauber

Reverting to library/alpine:3.13 fixed the issue, for me.

bash-5.1# [[ -r domains.txt ]]
bash-5.1# echo $?
0

fabiorauber avatar Jun 29 '21 19:06 fabiorauber

very annoying bug, I stumbled upon this one myself. Still present in the current version of alpine:3.14

Any suggestions on how to tackle or any WIP on this? going back to 3.13 might not be the smartest solution here.

macmeck avatar Aug 30 '21 20:08 macmeck

This is related to faccessat2 syscall has been enabled in musl in alpine starting 3.14. Due to a bug in runc it fails if your kernel do not support faccessat2. Short answer update runc to >= 1.0.0-rc93 or update kernel to 5.8 (upgrading kernel should work but i haven't tested it)
Detail in release note https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2 Bug in runc (fixed in 1.0.0-rc93 ) https://github.com/opencontainers/runc/issues/2151

mk-dhia avatar Sep 03 '21 15:09 mk-dhia

This also seems to affect the executable test in Alpine 3.14:

$> docker run -it alpine:3.14 /bin/sh
/ # apk update && apk add bash 
...
/ # bash
bash-5.1# if [ ! -x /bin/bash ]; then echo "I should not get printed!"; fi
I should not get printed!
bash-5.1#

Not sure whether this is worth a new issue here?

gendergap avatar Sep 30 '21 13:09 gendergap

Same issue on alpine:3.15.0 and alpine:edge.

Directory test also failed ( test -x /tmp then echo $? , got 1 )

lff0305 avatar Dec 20 '21 03:12 lff0305

And issue exists in alpine images 3.17.2, 3.17.3

SaberStrat avatar Oct 25 '23 08:10 SaberStrat