Additional note:

This does not affect docker when using the overlayfs storage driver. I
am using the vfs storage driver because I am using ZFS which is not
supported by overlayfs.

If one is using ext4 (or another overlayfs-supported filesystem) then
this can also be fixed by doing the following:

[Host machine]
## Load overlayfs
# modprobe overlay
... (also add to /etc/modules to have it load on boot)

[LXD container]
## Restart docker daemon (if container was already running)
# service docker restart

## Confirm overlay storage driver is active
# docker info | grep Storage
Storage Driver: overlay


** Description changed:

  [Summary]
  
  dockerd has a umask of 0177 when running inside a lxd container. This
- causes the file created win /var/lib/docker to only be accessible by
+ causes the files created in /var/lib/docker to only be accessible by
  root which in term causes permission errors for non-root users within
- the docker containers.
+ docker containers when using the vfs storage driver.
  
  [Machines]
  
  Installed docker.io both inside a lxd container and inside a VirtualBox
  virtual machine.
  
  1. LXD
  
  Host running: Ubuntu 16.04.2 LTS, lxd 2.15-0ubuntu6~ubuntu16.04.1
  LXD container: Ubuntu 16.04.2 LTS, docker.io 1.12.6-0ubuntu1~16.04.1
  Docker: Storage driver default 'vfs'
  
  2. VirtualBox
  
  Host running: MacOS Sierra 10.12.6, VirtualBox 5.1.26
  Virtual machine: Ubuntu 16.04.3 LTS, docker.io 1.12.6-0ubuntu1~16.04.1
  Docker: Storage driver set to vfs in /etc/docker/daemon.json:
  
  {
-    "storage-driver": "vfs"
+    "storage-driver": "vfs"
  }
  
  [Test]
  
  Used gdb to check the effective umask of dockerd in each case:
  
  1. LXD
  
  # gdb --pid 1234
  ...
  (gdb) call/o umask(0)
  $1 = 0177
  (gdb)
- 
  
  2. VirtualBox
  
  # gdb --pid 1234
  ...
  (gdb) call/o umask(0)
  $1 = 022
  (gdb)
  
  [Permissons]
  
  1. LXD
  
  /var/lib/docker# ls -l
  total 22
  drwx------ 4 root root 4 Aug  3 10:11 containers
  drw------- 3 root root 3 Jul 31 14:20 image
  drw------- 3 root root 3 Jul 31 14:20 network
  drw------- 2 root root 2 Jul 31 14:20 swarm
  drwx------ 2 root root 2 Aug  3 09:23 tmp
  drw------- 2 root root 2 Jul 31 14:20 trust
  drw------- 3 root root 3 Jul 31 14:21 vfs
  drw------- 2 root root 3 Aug  3 09:22 volumes
  
  Images in vfs/dir/xxxx are mode drw-------
  
  2. VirtualBox
  
  /var/lib/docker# ls -l
  total 36
  drwx------ 5 root root 4 Aug  3 10:11 aufs
  drwx------ 2 root root 4 Aug  3 10:11 containers
  drwx------ 4 root root 3 Jul 31 14:20 image
  drwxr-x--- 3 root root 3 Jul 31 14:20 network
  drwx------ 2 root root 2 Jul 31 14:20 swarm
  drwx------ 2 root root 2 Aug  3 09:23 tmp
  drwx------ 2 root root 2 Jul 31 14:20 trust
  drwx------ 3 root root 3 Jul 31 14:21 vfs
  drwx------ 2 root root 3 Aug  3 09:22 volumes
  
  Images in vfs/dir/xxxxx are mode drwxr-xr-x
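
Review bot: In the [Summary] paragraph, the unchanged context line "root which in term causes permission errors for non-root users within" still has "in term" where "in turn" is meant; the lines on either side of it are being rewritten in this edit, so it should be corrected in the same change. The "[Permissons]" heading is misspelled as well and could be fixed alongside it. The removed and added "storage-driver": "vfs" lines under [Machines] differ only in whitespace, so that part of the edit carries no content change.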

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1708445

Title:
  dockerd umask inside lxd container
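
The umask effect described in the report, shown as an added example that is not part of the original bug notification. The function names are hypothetical, the directories are constructed in a scratch location rather than /var/lib/docker, and `proc_umask` assumes a kernel that exposes the Umask field in /proc/PID/status (Linux 4.7 or later).

```bash
#!/usr/bin/env bash
# Added example (not from the bug report): helpers for confirming the
# restrictive-umask symptom without attaching gdb to dockerd.

# Print the umask of a running process, e.g. proc_umask "$(pidof dockerd)".
# Assumption: the Umask field exists only on Linux 4.7 and later.
proc_umask() {
    awk '$1 == "Umask:" { print $2; found = 1 } END { exit !found }' "/proc/$1/status"
}

# Mode the kernel actually applies on creation: requested & ~umask.
# Both arguments are octal, with or without a leading zero.
mode_after_umask() {
    printf '%04o\n' $(( 0$1 & ~0$2 ))
}

# List directories under $1 whose owner lacks the search (x) bit,
# i.e. the entries that appear as drw------- in ls -l.
dirs_without_search() {
    find "$1" -type d ! -perm -0100 2>/dev/null | sort
}

# Constructed reproduction: create one directory under each of the two
# umask values reported in the bug and show which one loses its x bit.
reproduce() {
    scratch=$(mktemp -d) || return 1
    ( umask 0177; mkdir "$scratch/lxd-like" )    # umask seen in the LXD case
    ( umask 022;  mkdir "$scratch/vbox-like" )   # umask seen in the VirtualBox case
    dirs_without_search "$scratch" | sed "s|^$scratch/||"
    chmod -R u+rwx "$scratch"; rm -rf "$scratch"
}

mode_after_umask 0777 0177   # 0600
mode_after_umask 0777 022    # 0755
reproduce                    # lxd-like
```

Pointing `dirs_without_search` at /var/lib/docker as root lists the directories affected by the restrictive umask.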
