/kind bug
Description
A directory owned by root and in .containerignore is still being added to the build.
Steps to reproduce the issue:
printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\n" >Dockerfile
mkdir -p volume/data
cd volume
sudo chown root:root data
sudo chmod 700 data
cd ..
echo "volume/" > .containerignore
podman build -f Dockerfile
Describe the results you received:
Build fails with:
√ ; podman build -f Dockerfile
STEP 1: FROM quay.io/libpod/testimage:20210610
STEP 2: COPY ./ ./
Error: error building at STEP "COPY ./ ./": error reading "/home/yann/tmp/podman": error during bulk transfer for copier.request{Request:"GET", Root:"/", preservedRoot:"/home/yann/tmp/podman", rootPrefix:"/home/yann/tmp/podman", Directory:"/", preservedDirectory:"/home/yann/tmp/podman", Globs:[]string{"/"}, preservedGlobs:[]string{"/home/yann/tmp/podman"}, StatOptions:copier.StatOptions{CheckForArchives:false, Excludes:[]string(nil)}, GetOptions:copier.GetOptions{UIDMap:[]idtools.IDMap(nil), GIDMap:[]idtools.IDMap(nil), Excludes:[]string{"volume"}, ExpandArchives:false, ChownDirs:(*idtools.IDPair)(0xc0005af510), ChmodDirs:(*fs.FileMode)(nil), ChownFiles:(*idtools.IDPair)(0xc0005af520), ChmodFiles:(*fs.FileMode)(nil), StripSetuidBit:true, StripSetgidBit:true, StripStickyBit:false, StripXattrs:false, KeepDirectoryNames:false, Rename:map[string]string(nil), NoDerefSymlinks:false, IgnoreUnreadable:false, NoCrossDevice:false}, PutOptions:copier.PutOptions{UIDMap:[]idtools.IDMap(nil), GIDMap:[]idtools.IDMap(nil), DefaultDirOwner:(*idtools.IDPair)(nil), DefaultDirMode:(*fs.FileMode)(nil), ChownDirs:(*idtools.IDPair)(nil), ChmodDirs:(*fs.FileMode)(nil), ChownFiles:(*idtools.IDPair)(nil), ChmodFiles:(*fs.FileMode)(nil), StripXattrs:false, IgnoreXattrErrors:false, IgnoreDevices:false, NoOverwriteDirNonDir:false, Rename:map[string]string(nil)}, MkdirOptions:copier.MkdirOptions{UIDMap:[]idtools.IDMap(nil), GIDMap:[]idtools.IDMap(nil), ChownNew:(*idtools.IDPair)(nil), ChmodNew:(*fs.FileMode)(nil)}, RemoveOptions:copier.RemoveOptions{All:false}}: copier: get: "/"("/"): copier: get: error reading "/volume/data": open /volume/data: permission denied
✗ 125 ; ls -ld volume
drwxr-xr-x yann yann 8 B Thu Aug 5 15:06:33 2021 volume/
√ ; ls -ld volume/data
drwx------ root root 0 B Thu Aug 5 15:06:33 2021 volume/data/
Describe the results you expected:
Build should succeed.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Version: 3.2.3
API Version: 3.2.3
Go Version: go1.16.6
Built: Mon Aug 2 20:39:21 2021
OS/Arch: linux/amd64
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.21.3
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: '
  cpus: 24
  distribution:
    distribution: fedora
    version: "34"
  eventLogger: journald
  hostname: nightwatch.neverness.org
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.13.5-200.fc34.x86_64
  linkmode: dynamic
  memFree: 5768396800
  memTotal: 33572855808
  ociRuntime:
    name: crun
    package: crun-0.20.1-1.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.20.1
      commit: 0d42f1109fd73548f44b01b3e84d04a279e99d2e
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc34.x86_64
    version: |-
      slirp4netns version 1.1.8+dev
      commit: 6dc0186e020232ae1a6fcc1f7afbc3ea02fd3876
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 24696053760
  swapTotal: 24696053760
  uptime: 5h 47m 3.29s (Approximately 0.21 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/yann/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/yann/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 7
  runRoot: /run/user/1000/containers
  volumePath: /home/yann/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.3
  Built: 1627933161
  BuiltTime: Mon Aug 2 20:39:21 2021
  GitCommit: ""
  GoVersion: go1.16.6
  OsArch: linux/amd64
  Version: 3.2.3
Package info (e.g. output of rpm -q podman or apt list podman):
podman-3.2.3-2.fc34.x86_64
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
N.A.
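The behaviour the report expects, as an added illustration (not buildah's or podman's code; `tree`, `ignored` and `walk` are hypothetical names): a walker that checks the ignore list before opening a directory never touches `volume/data`, while one that opens first and filters afterwards stops with the same kind of error shown above. Only plain directory entries such as `volume/` are modelled, and the build context is a constructed in-memory tree.

```go
package main

import (
	"fmt"
	"io/fs"
	"path"
	"strings"
)

// Added illustration with hypothetical names; not buildah or podman code.
// Constructed context: "/" marks a directory; volume/data has no entry (unopenable).
var tree = map[string][]string{"": {".containerignore", "Dockerfile", "volume/"}, "volume": {"data/"}}

// ignored handles plain entries such as "volume/" only (no globs, no "!").
func ignored(rel string, excludes []string) bool {
	for _, e := range excludes {
		if e = strings.TrimSuffix(e, "/"); rel == e || strings.HasPrefix(rel, e+"/") {
			return true
		}
	}
	return false
}

// walk appends the files under dir to out. prune=true skips an ignored
// directory before opening it; prune=false opens it and filters afterwards.
func walk(dir string, excludes []string, prune bool, out *[]string) error {
	names, ok := tree[dir]
	if !ok {
		return fmt.Errorf("open /%s: %w", dir, fs.ErrPermission)
	}
	for _, n := range names {
		rel := path.Join(dir, strings.TrimSuffix(n, "/"))
		skip := ignored(rel, excludes)
		if strings.HasSuffix(n, "/") && !(prune && skip) {
			if err := walk(rel, excludes, prune, out); err != nil {
				return err
			}
		} else if !skip {
			*out = append(*out, rel)
		}
	}
	return nil
}

func main() {
	var files []string
	err := walk("", []string{"volume/"}, true, &files)
	fmt.Println(files, err)
}
```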