Last active
August 29, 2015 14:16
-
-
Save thaJeztah/8aa9e0760e63262b8aea to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Repro case for https://github.com/docker/docker/issues/783 | |
| cat << EOF > Dockerfile | |
| FROM ubuntu:14.04 | |
| # Create and change permissions in a single step (layer) | |
| RUN mkdir -m 700 /single-layer && chmod 777 /single-layer | |
| # Create and change permissions in two steps (layers) | |
| RUN mkdir -m 700 /two-layer | |
| RUN chmod 777 /two-layer | |
| # Create and change permissions in two steps (layers) | |
| RUN mkdir -m 700 /workaround | |
| RUN chmod 777 /workaround | |
| # then move the directory and move it back | |
| RUN mv /workaround /workaround-tmp | |
| RUN mv /workaround-tmp /workaround | |
| # Create a second user and switch to that user | |
| RUN useradd another-user | |
| USER another-user | |
| CMD echo "\n-----------------------------------\n" \ | |
| && echo "running as:" \ | |
| && whoami \ | |
| && echo "\naccess 'single-layer':" \ | |
| && ls -la /single-layer \ | |
| && echo "\naccess 'workaround':" \ | |
| && ls -la /workaround \ | |
| && echo "\naccess 'two-layer':" \ | |
| && ls -la /two-layer | |
| EOF | |
| docker build --no-cache -t issue-783 . | |
| # should work correctly | |
| docker run --rm -u root issue-783 | |
| # should fail on 'access two-layer' | |
| docker run --rm issue-783 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment