buildah Unable to change VOLUME mount point permissions and owner after volume is declared

Unable to change VOLUME mount point permissions and owner after volume is declared

Open Peter-Sh opened this issue 2 years ago • 10 comments

Description

Permissions (and owner) of volume directory cannot be changed after VOLUME directive is applied in current or parent image.

This seems to be default behaviour for docker, but works with DOCKER_BUILDKIT=1 and as such may be considered a useful feature.

The use case is to change directory permissions of /data volume declared in parent image to be able to run image in restricted environment (openshift with changing uids). If volume is declared in parent image you have to fully copy parent Dockerfile in order to just change permissions (and owner) of volume mount point.

Steps to reproduce the issue:

Tested with latest stable and testing buildah.

buildah bud --no-cache -<<DOCKERFILE
FROM alpine:3.16.2
RUN mkdir /data && chmod 600 /data
VOLUME /data
RUN chgrp -R 0 /data && chmod g=rwxs -R /data
RUN ls -aldh /data
DOCKERFILE

Describe the results you received:

STEP 5/5: RUN ls -aldh /data
drw-------    2 root     root           6 Nov  8 16:16 /data

Describe the results you expected:

Results of docker build with DOCKER_BUILDKIT=1

#7 [4/4] RUN ls -aldh /data
#7 sha256:73312dd88ff870fc9d847b569c92d2bbd675bdf4b8e2acb24cca091891102028
#7 0.248 drw-rws---    1 root     root           6 Nov  8 16:17 /data

Nov 08 '22 16:11 Peter-Sh

I think we should follow Buildkit defaults. @flouthoc PTAL

Nov 08 '22 21:11 rhatdan

I agree we should default to buildkit's behavior I'll open a PR for this.