Command setfacl doesn't work in Linux with folders under bind mounts (works in Windows or with volume mounts)
Description
There is inconsistent behavior of setfacl between Windows (and possibly macOS) and Linux. It seems that setfacl cannot be used with folders in a bind-mount on Linux, only on Windows (and possibly macOS).
You can try it yourself with this minimal repository.
Reproduce
Given:
- folder-volume: a Docker volume
- folder-bind: a regular folder inside a Docker bind-mount (entire /workspace is a bind-mount)
Running setfacl on folder-volume:
setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX /workspace/folder-volume
- ✅ Windows works fine
- ✅ Linux works fine
Running setfacl command on folder-bind:
setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX /workspace/folder-bind
- ✅ Windows works fine
- ❌ Linux throws the error Not supported
Expected behavior
No response
docker version
Client: Docker Engine - Community
 Cloud integration: v1.0.35-desktop+001
 Version: 24.0.6
 API version: 1.43
 Go version: go1.20.7
 Git commit: ed223bc
 Built: Mon Sep 4 12:32:10 2023
 OS/Arch: linux/amd64
 Context: desktop-linux
Server: Docker Desktop 4.22.1 (118664)
 Engine:
  Version: 24.0.5
  API version: 1.43 (minimum version 1.12)
  Go version: go1.20.6
  Git commit: a61e2b4
  Built: Fri Jul 21 20:35:45 2023
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.21
  GitCommit: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version: 1.1.7
  GitCommit: v1.1.7-0-g860f061
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
docker info
Client: Docker Engine - Community
 Version: 24.0.6
 Context: desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version: v0.11.2-desktop.1
    Path: /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version: v2.20.2-desktop.1
    Path: /usr/lib/docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version: v0.1.0
    Path: /usr/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version: v0.2.20
    Path: /usr/lib/docker/cli-plugins/docker-extension
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version: v0.1.0-beta.6
    Path: /usr/lib/docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version: 0.6.0
    Path: /usr/lib/docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version: v0.26.0
    Path: /usr/lib/docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version: 0.20.0
    Path: /usr/lib/docker/cli-plugins/docker-scout
Server:
 Containers: 7
  Running: 0
  Paused: 0
  Stopped: 7
 Images: 37
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 5.15.49-linuxkit-pr
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 7.543GiB
 Name: docker-desktop
 ID: 680200fb-2dba-4350-9041-3f6fd09fabd7
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false
WARNING: daemon is not using the default seccomp profile
Diagnostics ID
0e64b90a-f232-4db2-a361-2c66e0f2b68c/20230915182517
Additional Info
No response
Any update? More info needed? Thanks.
The problem still persists. Can a solution be given?
Still here
This is a showstopper, can this be resolved?