diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c3ba939550..cd7f4eff81 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -235,7 +235,9 @@ being built (also called the *context* of the build) or a remote file URL. `` is the absolute path to which the source will be copied inside the destination container. -All new files and directories are created with mode 0755, uid and gid 0. +All new files and directories are created with a uid and gid of 0. + +In the case where `` is a remote file URL, the destination will have permissions 600. > **Note**: > If you build using STDIN (`docker build - < somefile`), there is no diff --git a/integration-cli/build_tests/TestAdd/EtcToRoot/Dockerfile b/integration-cli/build_tests/TestAdd/EtcToRoot/Dockerfile new file mode 100644 index 0000000000..58c75b00f3 --- /dev/null +++ b/integration-cli/build_tests/TestAdd/EtcToRoot/Dockerfile @@ -0,0 +1,2 @@ +FROM scratch +ADD . / diff --git a/integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile b/integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile index e96201d858..561dbe9c55 100644 --- a/integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile +++ b/integration-cli/build_tests/TestAdd/SingleFileToRoot/Dockerfile @@ -5,5 +5,5 @@ RUN touch /exists RUN chown dockerio.dockerio /exists ADD test_file / RUN [ $(ls -l /test_file | awk '{print $3":"$4}') = 'root:root' ] -RUN [ $(ls -l /test_file | awk '{print $1}') = '-rwxr-xr-x' ] +RUN [ $(ls -l /test_file | awk '{print $1}') = '-rw-r--r--' ] RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ] diff --git a/integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile b/integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile index 2f10979487..03e9ac0b1c 100644 --- a/integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile +++ b/integration-cli/build_tests/TestAdd/WholeDirToRoot/Dockerfile @@ -7,5 +7,5 @@ ADD test_dir /test_dir RUN [ $(ls -l / | grep test_dir | awk '{print $3":"$4}') = 'root:root' ] RUN [ $(ls -l / | grep test_dir | awk '{print $1}') = 'drwxr-xr-x' ] RUN [ $(ls -l /test_dir/test_file | awk '{print $3":"$4}') = 'root:root' ] -RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rwxr-xr-x' ] +RUN [ $(ls -l /test_dir/test_file | awk '{print $1}') = '-rw-r--r--' ] RUN [ $(ls -l /exists | awk '{print $3":"$4}') = 'dockerio:dockerio' ] diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index 041b10d8bc..455264d9f8 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -152,6 +152,21 @@ func TestAddWholeDirToRoot(t *testing.T) { logDone("build - add whole directory to root") } +func TestAddEtcToRoot(t *testing.T) { + buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestAdd") + buildCmd := exec.Command(dockerBinary, "build", "-t", "testaddimg", "EtcToRoot") + buildCmd.Dir = buildDirectory + out, exitCode, err := runCommandWithOutput(buildCmd) + errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err)) + + if err != nil || exitCode != 0 { + t.Fatal("failed to build the image") + } + + deleteImages("testaddimg") + logDone("build - add etc directory to root") +} + // Issue #5270 - ensure we throw a better error than "unexpected EOF" // when we can't access files in the context. func TestBuildWithInaccessibleFilesInContext(t *testing.T) { diff --git a/server/buildfile.go b/server/buildfile.go index b37053ac16..f71f945748 100644 --- a/server/buildfile.go +++ b/server/buildfile.go @@ -438,9 +438,6 @@ func (b *buildFile) addContext(container *daemon.Container, orig, dest string, r if err := os.Lchown(path, uid, gid); err != nil && !os.IsNotExist(err) { return err } - if err := os.Chmod(path, 0755); err != nil && !os.IsNotExist(err) { - return err - } return nil }) }