Docker doesn't honor hard links
bmgdc opened this issue · comments
Problem description
Docker doesn't honor hard links. The Dockerfile
. . .
FROM ubuntu:jammy
USER root
WORKDIR /home/the_best_user
RUN mkdir -p /home/the_best_user/parent_dir_1/child_dir_1
RUN mkdir /home/the_best_user/parent_dir_1/child_dir_2
RUN mkdir /home/the_best_user/parent_dir_1/child_dir_3
RUN mkdir -p /home/the_best_user/parent_dir_2/child_dir_1
RUN mkdir -p /home/the_best_user/parent_dir_2/child_dir_2/grandchild_dir_1
RUN mkdir /home/the_best_user/parent_dir_2/child_dir_3
RUN mkdir -p /home/the_best_user/parent_dir_3/child_dir_1
RUN mkdir /home/the_best_user/parent_dir_3/child_dir_2
RUN touch /home/the_best_user/parent_dir_3/child_dir_2/file1.txt
RUN touch /home/the_best_user/parent_dir_1/child_dir_3/file1.txt
RUN touch /home/the_best_user/parent_dir_1/child_dir_3/file2.txt
RUN touch /home/the_best_user/parent_dir_1/child_dir_3/file3.txt
. . . should leave the filesystem in a state such that the hard links are as follow.
root@6ce81005f874:/home/the_best_user# ls -hil
total 0
106348510 drwxr-xr-x 5 root root 63 Sep 7 00:26 parent_dir_1
106348508 drwxr-xr-x 5 root root 63 Sep 7 00:25 parent_dir_2
5815910 drwxr-xr-x 4 root root 44 Sep 7 00:25 parent_dir_3
(This was obtained from running the exact same commands in the container).
However, as can be seen at the bottom of the following screenshot, they're all set to 1
for some reason.
The screenshot above is from the Play with Docker playground as is the following output.
docker info
output
Docker Info:
Client:
Version: 24.0.2
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.10.5
Path: /usr/local/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.18.1
Path: /usr/local/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 6
Running: 0
Paused: 0
Stopped: 6
Images: 3
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 1677a17964311325ed1c31e2c0a3589ce6d5c30d
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
Kernel Version: 4.4.0-210-generic
Operating System: Alpine Linux v3.18 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.42GiB
Name: node1
ID: 64f4fda4-8342-4d49-9992-63a1b631386a
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 27
Goroutines: 42
System Time: 2023-09-07T00:37:45.416647811Z
EventsListeners: 0
Experimental: true
Insecure Registries:
127.0.0.1
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/go/attack-surface/
WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Task List
- This is NOT a security issue
- I do NOT have a Docker subscription
- I have looked through other issues and they do NOT apply to me
Hi, this would probably be a report for https://github.com/moby/moby or https://github.com/moby/buildkit since this pertains to Docker Engine, not Docker Hub.