We're having issues using the PUT /containers/(id)/archive endpoint due to file ownership permissions. When a container is running as a non-root user, the ownership is always reset back to root after uploading the file.
> docker version
Client:
Version: 1.10.0
API version: 1.22
Go version: go1.5.3
Git commit: 590d5108
Built: Thu Feb 4 18:36:33 2016
OS/Arch: linux/amd64
Server:
Version: 1.10.0
API version: 1.22
Go version: go1.5.3
Git commit: 590d5108-unsupported
Built: Fri Feb 5 02:32:52 2016
OS/Arch: linux/amd64
Given an image with a directory owned by a different user:
FROM ubuntu
RUN mkdir /opt/www-data && chown www-data:www-data /opt/www-data
docker build -t secure .
And a tar file owned by a non-root user:
> touch test
> tar -zcvf test.tar.gz test
> ls -lha
-rw-r--r-- 1 non-root non-root 0 Mar 30 10:19 test
-rw-r--r-- 1 non-root non-root 114 Mar 30 10:19 test.tar.gz
When you launch the container as a non-root user:
docker run -d -u www-data --name target secure sleep 100000
After uploading the tar, the file ownership permissions will be reset to root. The ownership should match either the original file or the user the container is being run as.
curl -s -XPUT -T test.tar.gz "docker:2345/containers/target/archive?path=/opt/www-data"
docker exec -it target bash
> /opt/www-data$ ls -lha
drwxr-xr-x 1 www-data www-data 4.0K Mar 30 10:24 .
drwxr-xr-x 1 root root 4.0K Mar 30 10:22 ..
-rw-r--r-- 1 root root 0 Mar 30 10:19 test
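Added example, not part of the original report: a small check that compares the owner recorded in the tar headers with the owner shown by `ls -l` inside the container, so the change can be attributed to the upload rather than to the archive. The in-memory tar is a constructed stand-in for `test.tar.gz` (the uid/gid 1000 is an assumption), and the function names are hypothetical; the listing is the one from the report.

```python
import io
import tarfile

def build_sample_tar(uname="non-root", gname="non-root", uid=1000, gid=1000):
    """Constructed stand-in for test.tar.gz: one empty file named 'test'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("test")
        info.size = 0
        info.mode = 0o644
        info.uid, info.gid = uid, gid          # assumed numeric ids
        info.uname, info.gname = uname, gname  # names as seen on the host
        tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()

def tar_owners(tar_bytes):
    """Map member name -> (user, group) as recorded in the tar headers."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return {m.name: (m.uname or str(m.uid), m.gname or str(m.gid)) for m in tar}

def ls_owners(ls_output):
    """Map file name -> (user, group) from `ls -l` style lines."""
    owners = {}
    for line in ls_output.splitlines():
        # Fields: mode, links, user, group, size, month, day, time, name
        parts = line.split(None, 8)
        if len(parts) == 9 and parts[0][0] in "-d" and parts[8] not in (".", ".."):
            owners[parts[8]] = (parts[2], parts[3])
    return owners

def ownership_drift(tar_bytes, ls_output):
    """List (name, owner_in_tar, owner_in_container) where the two differ."""
    in_tar, in_ctr = tar_owners(tar_bytes), ls_owners(ls_output)
    return [(n, in_tar[n], in_ctr[n])
            for n in sorted(in_tar) if n in in_ctr and in_tar[n] != in_ctr[n]]

# Listing copied from the report (output of ls -lha in /opt/www-data).
LS_FROM_REPORT = """\
drwxr-xr-x 1 www-data www-data 4.0K Mar 30 10:24 .
drwxr-xr-x 1 root root 4.0K Mar 30 10:22 ..
-rw-r--r-- 1 root root 0 Mar 30 10:19 test
"""

if __name__ == "__main__":
    for name, before, after in ownership_drift(build_sample_tar(), LS_FROM_REPORT):
        print(f"{name}: tar header {before} -> container {after}")
```

The comparison is by name, so it assumes the host and the container resolve the same user names; compare numeric ids (`ls -ln`) when they may not.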