diff --git a/container/container.go b/container/container.go index 5d3e3c7cbc..42ce6db8f4 100644 --- a/container/container.go +++ b/container/container.go @@ -18,10 +18,10 @@ import ( "github.com/docker/docker/daemon/network" "github.com/docker/docker/image" "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/promise" "github.com/docker/docker/pkg/signal" "github.com/docker/docker/pkg/symlink" - "github.com/docker/docker/pkg/system" "github.com/docker/docker/runconfig" "github.com/docker/docker/volume" containertypes "github.com/docker/engine-api/types/container" @@ -184,7 +184,7 @@ func (container *Container) WriteHostConfig() error { } // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir -func (container *Container) SetupWorkingDirectory() error { +func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error { if container.Config.WorkingDir == "" { return nil } @@ -202,7 +202,7 @@ func (container *Container) SetupWorkingDirectory() error { return err } - if err := system.MkdirAll(pth, 0755); err != nil { + if err := idtools.MkdirAllNewAs(pth, 0755, rootUID, rootGID); err != nil { pthInfo, err2 := os.Stat(pth) if err2 == nil && pthInfo != nil && !pthInfo.IsDir() { return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir) diff --git a/daemon/create_unix.go b/daemon/create_unix.go index ae369f13b9..583ca13b76 100644 --- a/daemon/create_unix.go +++ b/daemon/create_unix.go @@ -21,7 +21,8 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain } defer daemon.Unmount(container) - if err := container.SetupWorkingDirectory(); err != nil { + rootUID, rootGID := daemon.GetRemappedUIDGID() + if err := container.SetupWorkingDirectory(rootUID, rootGID); err != nil { return err } diff --git a/daemon/start.go b/daemon/start.go index 532c6b48db..09842e3ae3 100644 --- a/daemon/start.go +++ b/daemon/start.go @@ -126,7 +126,8 @@ func (daemon *Daemon) containerStart(container *container.Container) (err error) if err != nil { return err } - if err := container.SetupWorkingDirectory(); err != nil { + rootUID, rootGID := daemon.GetRemappedUIDGID() + if err := container.SetupWorkingDirectory(rootUID, rootGID); err != nil { return err } env := container.CreateDaemonEnvironment(linkedEnv) diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index fe037de3ba..88024c28e8 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -844,6 +844,17 @@ RUN ls -l /new_dir`, } } +func (s *DockerSuite) TestBuildWorkdirIsContainerRoot(c *check.C) { + testRequires(c, DaemonIsLinux) // Linux specific test + name := "testworkdirownership" + if _, err := buildImage(name, `FROM busybox +WORKDIR /new_dir +RUN ls -l / +RUN [ $(ls -l / | grep new_dir | awk '{print $3":"$4}') = 'root:root' ]`, true); err != nil { + c.Fatal(err) + } +} + func (s *DockerSuite) TestBuildAddMultipleFilesToFile(c *check.C) { name := "testaddmultiplefilestofile" diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index 8f0b5429e1..c57953b387 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -1742,7 +1742,7 @@ func (s *DockerSuite) TestRunCleanupCmdOnEntrypoint(c *check.C) { // TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) { existingFile := "/bin/cat" - expected := "Cannot mkdir: /bin/cat is not a directory" + expected := "not a directory" if daemonPlatform == "windows" { existingFile = `\windows\system32\ntdll.dll` expected = `Cannot mkdir: \windows\system32\ntdll.dll is not a directory.` @@ -1750,7 +1750,7 @@ func (s *DockerSuite) TestRunWorkdirExistsAndIsFile(c *check.C) { out, exitCode, err := dockerCmdWithError("run", "-w", existingFile, "busybox") if !(err != nil && exitCode == 125 && strings.Contains(out, expected)) { - c.Fatalf("Docker must complains about making dir with exitCode 125 but we got out: %s, exitCode: %d", out, exitCode) + c.Fatalf("Existing binary as a directory should error out with exitCode 125; we got: %s, exitCode: %d", out, exitCode) } }