Description
My Dockerfile
FROM centos:7
CMD "setcap cap_net_admin,cap_net_raw+p /usr/bin/ping"
I have used setcap to change file /usr/bin/ping capability. When I use ctr to pull my image, the file /usr/bin/ping has lost these capabilities, but I use docker pull, it haven't lost.
Steps to reproduce the issue:
- Use my Dockerfile to build image, and push it into registry
- ctr pull image
ctr images pull mycentos:7
- use image to run container, and use
getcap /usr/bin/ping to check capabilities.
Describe the results you received:
Describe the results you expected:
Output of containerd --version:
containerd github.com/containerd/containerd v1.2.0-120-g0b0d6e6 0b0d6e6bdd78f02e33e308eb0bc41561d80fc62e
Description
My Dockerfile
I have used setcap to change file
/usr/bin/pingcapability. When I use ctr to pull my image, the file/usr/bin/pinghas lost these capabilities, but I usedocker pull, it haven't lost.Steps to reproduce the issue:
getcap /usr/bin/pingto check capabilities.Describe the results you received:
Describe the results you expected:
Output of
containerd --version: