Description
If a Dockerfile uses the USER keyword with both a UID and GID like 0:0, Config.User gets set to 0:0. If using watch to update files, the file update then fails with getent unable to find entry "0:0" in passwd database. This is presumably because it tries to look up the user using getent with 0:0 which doesn't match any records.
This could presumably be fixed by either populating Config.User with the UID alone, or having the watch functionality extract the UID and use that to look up the user. I'm unsure which is more appropriate.
Reproduce
- create these files (I'd attach them, but .yaml and .sh files are prohibited):
=== Dockerfile ===
FROM alpine
COPY --chown=0:0 files .
USER 0
CMD [ "sh", "start.sh" ]
=== docker-compose.yaml ===
services:
  gidtest:
    build:
      context: .
      dockerfile: Dockerfile
    develop:
      watch:
        - action: sync
          path: files
          target: /
=== files/start.sh ===
#!/bin/sh
last=0
while true; do
  cur=`stat -c %Y test`
  if test $cur -ne $last
  then
    ls -l test
    last=$cur
    sleep 5
  fi
done
=== files/test ===
- docker compose up
- Click "w" to enable watch
- edit files/test
- Receive error response from daemon
Expected behavior
The updated file should be propagated into the container without errors
docker version
Client:
Version: 27.4.0
API version: 1.47
Go version: go1.22.10
Git commit: bde2b89
Built: Sat Dec 7 10:35:43 2024
OS/Arch: darwin/amd64
Context: desktop-linux
Server: Docker Desktop 4.37.1 (178610)
Engine:
Version: 27.4.0
API version: 1.47 (minimum version 1.24)
Go version: go1.22.10
Git commit: 92a8393
Built: Sat Dec 7 10:38:57 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.21
GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 27.4.0
Context: desktop-linux
Debug Mode: false
Plugins:
ai: Ask Gordon - Docker Agent (Docker Inc.)
Version: v0.5.1
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-ai
buildx: Docker Buildx (Docker Inc.)
Version: v0.19.2-desktop.1
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.31.0-desktop.2
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.37
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Beta) (Docker Inc.)
Version: v0.1.0
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.27
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.15.1
Path: /Users/johnrehwinkel/.docker/cli-plugins/docker-scout
Server:
Containers: 8
Running: 7
Paused: 0
Stopped: 1
Images: 104
Server Version: 27.4.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.10.14-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 7.655GiB
Name: docker-desktop
ID: 3f67f719-e4e8-4817-801b-c6e5537164b5
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/johnrehwinkel/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: daemon is not using the default seccomp profile
Additional Info
No response
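Added example (not part of the issue and not Docker Compose's own code): the second fix proposed in the description, splitting Config.User on the colon and looking up only the user half, so that "0:0" resolves where a lookup of the whole string fails. The function names and the passwd sample are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of a container's /etc/passwd (not from the issue).
const samplePasswd = `root:x:0:0:root:/root:/bin/sh
app:x:1000:1000::/home/app:/bin/sh
`

// splitUserSpec splits a Config.User value of the form <user>[:<group>].
func splitUserSpec(spec string) (user, group string) {
	user, group, _ = strings.Cut(spec, ":")
	if user == "" {
		user = "0" // assumption: empty Config.User means the default, root
	}
	return user, group
}

// resolveUID looks up only the user half of spec, by name or numeric UID.
func resolveUID(spec, passwd string) (int, error) {
	user, _ := splitUserSpec(spec)
	sc := bufio.NewScanner(strings.NewReader(passwd))
	for sc.Scan() {
		f := strings.Split(sc.Text(), ":")
		if len(f) >= 4 && (f[0] == user || f[2] == user) {
			return strconv.Atoi(f[2])
		}
	}
	// A numeric UID with no passwd entry is still a usable identity.
	if uid, err := strconv.Atoi(user); err == nil && uid >= 0 {
		return uid, nil
	}
	return 0, fmt.Errorf("unable to find user %q in passwd data", user)
}

func main() {
	for _, spec := range []string{"0:0", "0", "app:app", "4242:0", "nobody"} {
		uid, err := resolveUID(spec, samplePasswd)
		fmt.Printf("%-9q uid=%d err=%v\n", spec, uid, err)
	}
}
```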