Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Injected configs are not world readable by default #12656

Closed
GethDeeo opened this issue Mar 21, 2025 · 2 comments
Closed

[BUG] Injected configs are not world readable by default #12656

GethDeeo opened this issue Mar 21, 2025 · 2 comments
Labels
kind/bug status/0-triage

Comments

@GethDeeo
Copy link

Description

After upgrading Docker and Docker Compose, the injected (inline) configs are not created as world-readable anymore.

Steps To Reproduce

  1. Create compose.yaml with the following content:
services:
  example:
    image: bash
    configs: [{ source: foo, target: /foo }]
configs: { foo: { content: 'bar' } }
  1. Start it up: docker compose run --rm example bash
  2. List files in container's root directory: ls -aFl /
  3. Observe that the /foo file is not world-readable, permission is 0440 instead of 0444.

Compose Version

Docker Compose version v2.34.0

Docker Environment

Client: Docker Engine - Community
 Version:    28.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.22.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.34.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 19
 Server Version: 28.0.2
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: local
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc version: v1.2.4-0-g6c52b3f
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
  no-new-privileges
 Kernel Version: 5.15.167.4-microsoft-standard-WSL2
 Operating System: Ubuntu 24.04.2 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.59GiB
 Name: geth-desktop
 ID: 5814c356-970f-4d80-8dfa-4bbe4da79f33
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: gethdeeo
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Default Address Pools:
   Base: 172.25.0.0/16, Size: 24
   Base: fd4f:edd1:2b21:1011::/64, Size: 80

Anything else?

No response
@bambamboole
Copy link

bambamboole commented Mar 24, 2025
edited
Loading

We also just hit the same issue.
I somehow have the feeling, that this one here is the culprit: b6f313b

@ndeloof
Copy link
Contributor

ndeloof commented Mar 25, 2025

same cause as #12658

@ndeloof ndeloof closed this as completed Mar 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ndeloof @bambamboole @GethDeeo