
Master app fails to create a new docker image due to restricted file permissions on the image files (workaround exists)

Open kcq opened this issue 6 years ago • 6 comments

Reported by Danesh ( @dforouhari ):

  1. I am logged in with my uid (dforouhari)
  2. docker-slim failed with/at

    docker-slim[build]: state=building message='building minified image'
    time="2019-03-19T16:45:56-07:00" level=fatal msg="docker-slim: failure" error="no permission to read from '/home/dforouhari/3rd_party_src/dist_linux/.images/752f8eea14330275ff2c3e1611f7db98cc13cfa9c9cc635b6970a7afb0f113e3/artifacts/files/root/.ssh/id_rsa'" stack="goroutine 1 [running]:

    [dforouhari@artifacts]$ pwd
    /home/dforouhari/3rd_party_src/dist_linux/.images/752f8eea14330275ff2c3e1611f7db98cc13cfa9c9cc635b6970a7afb0f113e3/artifacts
    [dforouhari@artifacts]$ ls -lt
    total 96
    -rw-r--r-- 1 dforouhari dforouhari 176 Mar 19 16:45 Dockerfile
    -rw-r--r-- 1 dforouhari dforouhari 3700 Mar 19 16:45 img_demo-seccomp.json
    -rw-r--r-- 1 dforouhari dforouhari 3089 Mar 19 16:45 img_demo-apparmor-profile
    -rw-r--r-- 1 root root 81795 Mar 19 16:45 creport.json #Question is the uid/gid root what u expect?
    drwxr-xr-x 10 root root 101 Mar 19 16:45 files #Question is the uid/gid root what u expect?
    -rw-r--r-- 1 dforouhari dforouhari 2691 Mar 19 16:44 Dockerfile.fat

Here is the perm on the specific file that docker-slim complained about:

    [dforouhari@artifacts]$ ls -l /home/dforouhari/3rd_party_src/dist_linux/.images/752f8eea14330275ff2c3e1611f7db98cc13cfa9c9cc635b6970a7afb0f113e3/artifacts/files/root/.ssh/id_rsa
    -rw------- 1 root root 1675 Mar 19 16:44

kcq avatar Mar 23 '19 02:03 kcq

A temporary workaround is to run docker-slim from a root shell.

kcq avatar Mar 23 '19 02:03 kcq

Yup, I realize that. Thanks -.. ..-.

On Fri, Mar 22, 2019 at 7:26 PM Kyle Quest wrote:

> A temporary workaround is to run docker-slim from a root shell.


dforouhari avatar Mar 23 '19 02:03 dforouhari

Hopefully a more permanent solution will be available soon :-)

kcq avatar Mar 23 '19 03:03 kcq

The 1.26.0 release introduces a new way to collect the container artifacts that should avoid the file permission problem:

Linux: https://downloads.dockerslim.com/releases/1.26.0/dist_linux.tar.gz
Mac: https://downloads.dockerslim.com/releases/1.26.0/dist_mac.zip

kcq avatar Nov 23 '19 16:11 kcq

This was never fixed?

megalucio avatar Jun 20 '25 08:06 megalucio

> This was never fixed?

@megalucio yes :-) The extracted files are now saved in a tar file, which avoids any kind of conflict with the host environment permissions. There's still a way to get the original behavior to save the container files one by one (there's a flag for it), but it's disabled by default.

kcq avatar Jun 20 '25 19:06 kcq
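
The tar-based approach described in the last comment, as an added Go example (not docker-slim's own code; the `artifact` type, `packArtifacts`, `readArtifact` and the sample content are assumptions made for illustration). The container-side owner and mode are recorded in tar headers, so an entry marked root-owned with mode 0600 never becomes a host file that an unprivileged user cannot read.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

type artifact struct {
	Hdr  tar.Header // container-side name, mode, uid, gid
	Data []byte
}

// packArtifacts keeps owner and mode as tar header metadata, not host file metadata.
func packArtifacts(files []artifact) ([]byte, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, f := range files {
		f.Hdr.Size = int64(len(f.Data))
		if err := tw.WriteHeader(&f.Hdr); err != nil {
			return nil, err
		}
		if _, err := tw.Write(f.Data); err != nil {
			return nil, err
		}
	}
	err := tw.Close() // writes the end-of-archive marker into buf
	return buf.Bytes(), err
}

func readArtifact(archive []byte, path string) (*tar.Header, []byte, error) {
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err != nil {
			return nil, nil, err // io.EOF: no such entry
		}
		if hdr.Name == path {
			data, err := io.ReadAll(tr) // needs read access to the archive only
			return hdr, data, err
		}
	}
}

func main() {
	a, _ := packArtifacts([]artifact{{tar.Header{Name: "root/.ssh/id_rsa", Mode: 0o600}, []byte("constructed\n")}})
	hdr, data, err := readArtifact(a, "root/.ssh/id_rsa")
	fmt.Printf("%s mode=%o uid=%d bytes=%d err=%v\n", hdr.Name, hdr.Mode, hdr.Uid, len(data), err)
}
```

The archive still contains whatever secrets the container held (here a placeholder standing in for a private key), so the archive file itself needs restrictive permissions on the host.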