-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/tmp permissions broken in some subset of multi-stage builds #1176
Comments
Just realized the linked repository was private, I've fixed that |
We're also having this bug but we're using a single-stage build. We're getting it in our production image in 100% of cases, thus it's not flaky. But it's hard to say what causes it exactly. We're using several dependency managers in the image (yarn being one of them) and the bug happens only when all of them are used.
We're also seeing this. The permissions are changed after image is built. |
@mothershipper This is now fixed on master and latest kaniko release! Please re-open if you this issue again. |
Thanks @tejal29 and @gilbsgilbs, confirmed that 0.22.0 fixes the issue in our repro repository. |
It works for us too, thanks! |
Actual behavior
I have a multi-stage build using nodejs/yarn. When I install and run yarn in the second stage, the resulting
/tmp
folder under adocker run
has the following permissionsnode@2355092d5f0f:/usr/src/app$ ls -la /tmp/ total 12 drwxr-xr-x 1 root root 4096 Apr 3 22:58 . drwxr-xr-x 1 root root 4096 Apr 3 22:58 .. drwxr-xr-x 1 root root 4096 Apr 3 22:58 v8-compile-cache-0
Even stranger is that these permissions seem correct at every point in the build, here's the last step before
CMD
:Just the resulting image has the permission flags wrong for
/tmp
Expected behavior
When I build the same image using Docker, the
/tmp
folder is left alone:node@194d8cf3afd1:/usr/src/app$ ls -la /tmp/ total 20 drwxrwxrwt 1 root root 4096 Mar 31 03:27 . drwxr-xr-x 1 root root 4096 Apr 3 22:59 .. drwxr-xr-x 1 root root 4096 Mar 31 03:27 v8-compile-cache-0
To Reproduce
Full Repro:
https://github.com/mothership/kaniko-issue-repro
You should be able to pull those images as well and inspect them locally.
Additional Information
node:12.16.1-slim
), this repro installs the exact same version over it, but we noticed it when we tried to upgrade yarnyarn
, but we've not been able to find any other way to reproduce.Triage Notes for the Maintainers
--cache
flagThe text was updated successfully, but these errors were encountered: