
Clarification if parent directories can be omitted in layer tar

Open SgtSilvio opened this issue 1 year ago • 1 comments

This spec contains an example on "Representing Changes" in an image layer (https://github.com/opencontainers/image-spec/blob/main/layer.md#representing-changes):

./etc/my-app.d/
./etc/my-app.d/default.cfg
./bin/my-app-tools
./etc/.wh.my-app-config

which suggested to me that a changeset does not need to include parent directories (/etc/ in this example). Furthermore, I assumed that the parent directories would then need to be present in parent layers under which the files would then be visible in the union filesystem.

I created a layer that omits parent directories and it turns out that the result is not as expected (tested with Docker). The missing parent directories are automatically created with default permissions. The directories in parent layers are shadowed, which is problematic if they have different permissions.

I think my assumptions about omitting directories in a layer tar are incorrect. Can you confirm this? Or should it be supported and there is an implementation bug in the container runtime? Either way, imho the example should be adapted or the expected behavior should be documented.

SgtSilvio, Dec 02 '24 15:12

I believe this is being worked on in #970. While it's possible to omit a directory in the tar structure, it is not possible to omit the parent folders in the unpacked filesystem layer. It's also not possible to depend on the previous image state since a layer may be used by multiple images and the parent directory permissions should not vary based on the order images are unpacked on the host.

sudo-bmitch, Dec 02 '24 20:12
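
A check for the situation discussed in this thread, as an added example that is not part of the issue or of any OCI project code: it lists the parent directories that a layer tar's entries rely on but that have no directory entry of their own, which are the ones the issue reports being created with default permissions on unpack. The function names and the sample layer (built from the spec listing quoted in the issue) are constructed for illustration.

```python
import io
import posixpath
import tarfile


def normalize(name):
    """Make './etc/', 'etc/' and 'etc' compare equal."""
    return posixpath.normpath(name).lstrip("/")


def implicit_parents(layer):
    """Return sorted parent directories that entries need but the tar never declares."""
    declared, needed = set(), set()
    for member in layer.getmembers():
        path = normalize(member.name)
        if path in ("", "."):
            continue
        if member.isdir():
            declared.add(path)
        # Every ancestor of every entry (whiteout files included) must exist on unpack.
        parent = posixpath.dirname(path)
        while parent:
            needed.add(parent)
            parent = posixpath.dirname(parent)
    return sorted(needed - declared)


def build_sample_layer():
    """Constructed sample: the four entries from the spec listing quoted in the issue."""
    entries = [
        ("./etc/my-app.d/", True),
        ("./etc/my-app.d/default.cfg", False),
        ("./bin/my-app-tools", False),
        ("./etc/.wh.my-app-config", False),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, is_dir in entries:
            info = tarfile.TarInfo(name)
            if is_dir:
                info.type = tarfile.DIRTYPE
                info.mode = 0o750  # constructed mode, only to make it a real dir entry
            tar.addfile(info)  # zero-length entries are enough for this check
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    for directory in implicit_parents(build_sample_layer()):
        print(f"no directory entry for: {directory}/")
```

For the listing quoted in the issue this reports `bin/` and `etc/`; adding explicit directory entries for them, with the intended mode and ownership, keeps the unpacked permissions from depending on runtime defaults.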