File permissions ignored when running in Docker
AJDurant opened this issue · comments
When running msys2 inside Docker, it seems to incorrectly read the permissions of the underling filesystem.
Uses icacls
on Windows to modify file/folder permissions, these commands work as expected, and set the permissions in the filesystem, which can be verified as set using icacls.
Things change once docker is brought into the mix:
Host | Docker using volume mount | Docker non-mount | |
---|---|---|---|
Powershell | > icacls foo /deny Everyone:r > Get-Content foo Get-Content: Access to the path 'D:\tmp\msysperms\foo' is denied |
> Get-Content foo foo |
> icacls foo /deny Everyone:r > Get-Content foo Get-Content : Access to the path 'C:\msysperms2\foo' is denied |
MSYS | $ cat foo cat: foo: Permission denied |
# cat foo foo |
# cat foo ▒▒foo |
This seems like it might be related to #59, but also could be upstream in the Docker volume system, as both inside and outside msys2 ignore permissions in that case.
I think I did the above tests using Hyper-V isolation, but I've seen the problem when using volume mounts with process isolation too (process isolation mitigates #59). This is also using the ContainerAdministrator account, I haven't tested with the ContainerUser account, but on a normal system running as admin the read is still blocked.