logo标签列表

为什么Docker的COPY命令不会改变文件权限?(--chmod)

linuxdockerfile-permissionschmoddocker-build
31

考虑到这个Dockerfile

FROM docker.io/alpine

RUN mkdir test

# RUN umask 0022
COPY README /test/README
COPY --chmod=777 README /test/README-777
COPY --chmod=755 README /test/README-755

COPY FORALL /test/FORALL
COPY --chmod=777 FORALL /test/FORALL-777
COPY --chmod=755 FORALL /test/FORALL-755

RUN ls -la /test

我期望在Docker构建过程中(docker build ./),readwriteexecute权限会被正确设置。

但是最后的命令返回:

total 8
drwxr-xr-x    1 root     root          4096 Jun  9 19:20 .
drwxr-xr-x    1 root     root          4096 Jun  9 19:20 ..
-rwxrwxrwx    1 root     root             0 Jun  9 19:19 FORALL
-rwxrwxrwx    1 root     root             0 Jun  9 19:19 FORALL-755
-rwxrwxrwx    1 root     root             0 Jun  9 19:19 FORALL-777
-rw-rw-r--    1 root     root             0 Jun  9 19:19 README
-rw-rw-r--    1 root     root             0 Jun  9 19:19 README-755
-rw-rw-r--    1 root     root             0 Jun  9 19:19 README-777

没有更改任何文件权限,也没有出现错误.

为什么它不起作用?
如何修复这个问题?

2个回答
40

我已经明白了:
--chmod 标志是由 Docker Buildkit 引入的 新功能,因此需要通过以下方式运行构建来启用它:

DOCKER_BUILDKIT=1 docker build ./

然而,目前仍不清楚为什么Docker会悄无声息地忽略--chmod选项,而不提示任何有关不存在该选项的错误或警告。

12

这个问题在20.10.6版本中已经修复 (拉取请求, 跟踪问题):

$ cat df.chmod 
FROM busybox as base

RUN touch /test

FROM busybox as release
COPY --from=base --chmod=777 /test /test-777
COPY --from=base --chmod=555 /test /test-555
CMD ls -l /test*

$ DOCKER_BUILDKIT=0 docker build -t test-chmod-classic -f df.chmod .
Sending build context to Docker daemon  22.02kB
Step 1/6 : FROM busybox as base
 ---> a9d583973f65
Step 2/6 : RUN touch /test
 ---> Running in ed48f45a5dca
Removing intermediate container ed48f45a5dca
 ---> 5606d2d23861
Step 3/6 : FROM busybox as release
 ---> a9d583973f65
Step 4/6 : COPY --from=base --chmod=777 /test /test-777
the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled

如果使用buildkit运行构建,则会出现预期结果:

$ DOCKER_BUILDKIT=1 docker build -t test-chmod-buildkit -f df.chmod .
[+] Building 1.0s (8/8) FINISHED
 => [internal] load build definition from df.chmod                                                                                    0.0s
 => => transferring dockerfile: 214B                                                                                                  0.0s
 => [internal] load .dockerignore                                                                                                     0.0s
 => => transferring context: 49B                                                                                                      0.0s
 => [internal] load metadata for docker.io/library/busybox:latest                                                                     0.0s
 => CACHED [base 1/2] FROM docker.io/library/busybox                                                                                  0.0s
 => [base 2/2] RUN touch /test                                                                                                        0.6s
 => [release 2/3] COPY --from=base --chmod=777 /test /test-777                                                                        0.1s
 => [release 3/3] COPY --from=base --chmod=555 /test /test-555                                                                        0.1s
 => exporting to image                                                                                                                0.0s
 => => exporting layers                                                                                                               0.0s
 => => writing image sha256:a4df92175046e36a72a769f9c7b297bc04a825708c5f6ca5873428b55c340036                                          0.0s
 => => naming to docker.io/library/test-chmod-buildkit                                                                                0.0s

$ docker run --rm test-chmod-buildkit
-r-xr-xr-x    1 root     root             0 Jun 10 13:00 /test-555
-rwxrwxrwx    1 root     root             0 Jun 10 13:00 /test-777
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接